If you run a facebook group, you will notice that a lot of spammers and scammers start to infiltrate but posing as legit members. How do you identify these people?
Here is an example. This member “Joan Mayer” joins US Visa groups on facebook posing as a woman. “She” this message in the most popular comments to get views:
Employment opportunity 2015/2016 in hotels, FACtory , Oil company , and airport
The management of Marriott hotels, currently need new workers which careers suite into this work categories, Stewards, nurses, Technicians, Fashion designers , comedians and Entertainers, models, actors, dancers, medical doctor, Artisans, Mechanics, engineer, cleaners, washers, security, Club Bouncers, Catering supervisor, Cooks, Receptionist, Food & Beverage Management, Store Keeper, Landscape & graphic designer, Computer Engineering, professional massage, Professional Chauffeurs, professional beauticians, professional Gardener and florist, Gym and exercise instructors, etc.
Our hotel will be responsible for the payment for his/her air ticket and accommodation, so if you are interested you can contact us direct at this below e-mail address link. With your C.V.
We look forward for your prompt reply via this email address for more information’s needed.
A quick search on “her” number reveals that the number is associated with some sort of scam:
indian scammer number
A search of “firstname.lastname@example.org” reveals more about the source of this message:
It looks like some kind of agency. Maybe not a scam but definitely spam.
11 Mar 2011, Japan just had a series of huge earthquakes (including one that was 8.9). The result was a huge tsunami and loss of life still being calculated. The tsunami of fraud and scams have already started on Facebook and have surely hit the shores of email spam inboxes everywhere.
Submission date: March 2011
The quake triggers a tsunami that threatens much of the Pacific. Up to 300 bodies are found in the city of Sendai in northeastern Japan, an area believed to have been hit hardest by the massive waves.
Hundreds are dead after the worst earthquake in generations struck off the northeast coast of Japan on Friday, setting off a devastating tsunami that swallowed swaths of coastal territory and fanned out across the Pacific Ocean, threatening everything in its path.
Its called SMS spam, SpaSMS, mobile spamming, and m-spamming.
I was in Amsterdam in Sept. 2010 and I kept getting spam texts:
Investor Stock Alert! Our pick is up 60% so far today, DO NOT MISS OUT! Get in Fast and Early. For
Hot Penny Stock Alert! AHuge PR Campaign has begun for Fleet Managment, starting
I don’t normally get these messages in the US. I am not sure if this has to do with the carrier I have here or what.
AIM: You have received a txt from an AIM user. To stop AIM TXTs, reply ‘out’ to this msg.
What really sucks about this sort of spam is that you have to open the text message up to stop it. Once you open up the message, you will see something like this at the bottom of the text
(Reply 'block' to stop this user). But the way the spam “user” gets around this is to send the same text message from multiple fake user names. The other thing that really sucks is that, depending on your text message service plan, you maybe charged for each message you receive! OUCH!
How do you block spam text messages?
The way the sms text spammers are finding your phones text address is by guessing. They know that the typical address follows this format:
[10-digit wireless number]@txt.att.net
[10-digit wireless number]@vtext.com
[10-digit wireless number]@tmomail.net
(comprehensive list 1,2)
So they just put all the numbers possible for a given area. This is easy with good software. Its abuse of the text message marketing using bulk text messaging software and/or services. They will typically forward from multiple fake usernames to the same text address. Its like war-texting or brute force marketing.
The good news is that your cell phone service should offer some sort of text-blocking services.
(from pogue nytimes blog)
* AT&T: Log in at mymessages.wireless.att.com. Under Preferences, you’ll see the text-blocking and alias options. Here’s also where you can block messages from specific e-mail addresses or Web sites.
* Verizon Wireless: Log in at vtext.com. Under Text Messaging, click Preferences. Click Text Blocking. You’re offered choices to block text messages from e-mail or from the Web. Here again, you can block specific addresses or Web sites. (Here’s where you set up your aliases, too.)
* Sprint: No auto-blocking is available at all, but you can block specific phone numbers and addresses. To get started, log in at http://www.sprint.com. On the top navigation bar, click My Online Tools. Under Communication Tools, click Text Messaging. On the Compose a Text Message page, under Text Messaging Options, click Settings & Preferences. In the text box, you can enter a phone number, email address or domain (such as Comcast.net) that you want to block.
* T-Mobile: T-Mobile doesn’t yet offer a “block text messages from the Internet” option. You can block all messages sent by e-mail, though, or permit only messages sent to your phone’s e-mail address or alias, or create filters that block text messages containing certain phrases. It’s all waiting when you log into http://www.t-mobile.com and click Communication Tools.
Fri 05/30 10:45 Take the Chitika|Premium Challenge – We 4.74
email@example.com Sat 05/31 18:48 THANKS FOR YOUR PAST EFFORT. 5.022
devyn-kitayosh@OZLUER.COM Sat 06/07 13:57 Be the longest, be admired 5.504
firstname.lastname@example.org Thu 05/29 19:15 CONTACT MY SECRETARY FOR YOUR COMPENSAT 5.552
ventoler1965@ETCNY.COM Sun 06/08 5:15 Receipt number for your purchase with u 5.584
email@example.com Thu 06/05 21:30 Luxury 6.969
Don-nocotavo@CENTERDATA.DK Sun 06/08 20:12 Enlarge your organ easily with us today 7.28
RichcellarOsborn@lifefone.com Sun 06/08 4:42 Timepieces Online. Shop us 7.319
firstname.lastname@example.org Tue 05/27 20:09 CONTANT EFEX EXPRESS COMPANY WORLD 7.459
orouksal1953@HUNTINVESTMENT.COM Thu 06/05 16:42 Super savings off all herba1 products 7.738
email@example.com Sat 05/31 0:54 CONTACT UNITED STATE PARCEL SERVICE FOR 8.042
MaeepitaxialPiper@merriam-webster.com Tue 06/10 10:21 Penis Enlargment Reviews 8.086
firstname.lastname@example.org Wed 06/04 16:36 Update your Penis 8.477
email@example.com Tue 06/03 5:45 Congratulation!Congratulation!!Congratu 8.504
firstname.lastname@example.org Tue 06/03 5:42 Congratulation!Congratulation!!Congratu 8.504
email@example.com Mon 06/09 22:30 RE: SALE 80% OFF 9.188
firstname.lastname@example.org Fri 05/30 2:21 RE: SALE 86% OFF 9.188
email@example.com Wed 05/28 10:06 RE: SALE 89% OFF 9.188
firstname.lastname@example.org Sat 05/31 12:15 RE: SALE 84% OFF 9.188
email@example.com Sun 06/01 7:06 FOU YOUR KIND ATTENTION 9.308
firstname.lastname@example.org Fri 05/30 3:30 Congratulation!Congratulation!!Congratu 9.625
email@example.com Mon 06/09 12:15 Luxury 10.249
PATRICKCHAN@CHAN.NET Fri 05/30 16:54 BUSINESS PROPOSAL!!! 10.46
firstname.lastname@example.org Tue 06/03 19:45 PAYMENT NOTIFICATION 10.68
email@example.com Fri 05/30 19:30 YOUR PAYMENT NOTIFICATION 12.685
firstname.lastname@example.org Thu 06/05 2:48 MR JUSTIN KOKUVI 13.444
email@example.com Wed 06/04 2:48 Please Respond. 14.125
firstname.lastname@example.org Wed 06/04 2:42 Please Respond. 14.125
email@example.com Tue 06/03 4:54 FINAL DELIVERY NOTICE 14.939
firstname.lastname@example.org Fri 06/06 12:18 Re:to rob! 15.345
email@example.com Mon 06/02 11:33 ONLINE SWIFT HUMANITARIAN WINNING NOTIF 18.788
firstname.lastname@example.org Wed 05/28 12:33 Compliment 19.183
email@example.com Fri 05/30 4:57 SEEKING FOR YOUR HELP 19.321
firstname.lastname@example.org Tue 06/03 2:15 CONFIDENTIAL BUSINESS PROPOSAL 19.565
email@example.com Sat 06/07 16:57 Please read very carefully 19.997
firstname.lastname@example.org Wed 06/04 8:09 YOUR UGRENT REPLY NEEDED 20.289
email@example.com Tue 06/03 2:54 Regarding Your Inheritance 21.064
firstname.lastname@example.org Tue 06/03 1:27 FROM:MRS.MONICA SHADINOVO. 21.901
email@example.com Tue 06/03 16:00 From Senior Account Officer, Barclays B 22.573
firstname.lastname@example.org Sat 05/31 22:00 FINAL WINNING NOTIFICATION! 24.42
email@example.com Thu 06/05 11:57 BUSINESS AND INVESTMENT PROPOSAL. 36.008
Remove from Credit Card and Insurance Mailing Lists
The Fair Credit Reporting act of 1997 allows for consumers to stop unsolicted credit card & insurance offers. It puts more responsibility of customer privacy on the business that collected the sensitive data in the first place.
In order to use the strength of the law you must take action. Write or call the credit bureaus and request removal of your name and address from those lists. Here are the credit bureaus’ contact information:
P.O. Box 736
Springfield, PA 19064-0736
Telephone: (800) 680-7293
Experian (used to be TRW)
P.O. Box 949
Allen, TX 75013
Telephone: (800) 353-0809
P.O. Box 105139
Atlanta, GA 30374-5139
Telephone: (800) 556-4711
Once you make the request they have 5 days to notify all national credit agencies. Your name will then be dropped from their mailing list for two years.
Remove your name from mailing lists permanently
To remove your name from mailing lists permanently ask the credit bureau to send you an “election form.”
To receive a credit report contact the following:
Experian (formerly TRW)
To Stop “Junk Mail”
Contact the Direct Marketing Association (DMA).
Mail Preference Service
PO Box 9008
Farmingdale NY 11735-9008
Telephone Preference Service (telemarketing)
PO Box 9014
Farmingdale NY 11735-9014
With a request (written) your name will by removed from their mailing lists.
I’m not sure there is a way to remove your name from all email mailing lists at once. But one thing you want to NOT do is put your email address on a website. If you want customers to get to your via email but don’t want the spam and scams that come with, use a contact form or something like this elamb.security(at)gmail(dot)com – this makes it so spam emails can’t automatically grab your email from the Internet, a common spammer tactic.
I just want to make this perfectly clear. This is a SCAM! I get these emails about British International Lottery, British National Lottery about every three weeks or so. DO NOT.. I repeat DO NOT send these people money or your personal information. If you are new to the Internet, this kind of thing is rampant.
THIS JUST IN.. I Just won the British International Lottery… AGAIN! How about you?!
BRITISH INTERNATIONAL LOTTERY INC. <firstname.lastname@example.org>
reply-to “BRITISH INTERNATIONAL LOTTERY INC.” <email@example.com>,
date Jan 22, 2008 5:30 AM
subject ATTN: WINNER! YOUR EMAIL ID JUST WON YOU £1,000,000.00
hide details 5:30 am (1 day ago)
BRITISH INTERNATIONAL LOTTERY INC.
5th Floor East
55 Currie Street London
DATE: January 22th 2008.
CONGRATULATION! NEW YEAR BONUS WINNING NOTIFICATION
We happily announce to you the draw (#1068) of the BRITISH
INTERNATIONAL LOTTERY, online Sweepstakes International program held on, January
21th 2008. Your e-mail address attached to ticket number: 56475600545188
with Serial number 5368/02 drew the lucky numbers:
02-06-10-17-29-30(Bonus no,30), which subsequently won you 1st category in the match 5 plus
You have therefore been approved to claim a total sum of £1,000,000.00
(One Million Pound Sterling Only) in cash credited to file
KTU/9023118308/03. This is from a total cash prize of £51,002,068 shared amongst
the (6) lucky winners in the match 6 category.
All participants for the online version were selected randomly from
World Wide Web sites through computer draw system and extracted from over
100,000 unions,associations and corporate bodies that are listed
This promotion takes place weekly. Please note that your lucky winning
number falls within our European booklet representative office in
Europe as indicated in your play coupon.
In view of this, you have therefore been approved to claim a total sum
of £1,000,000.00 (One Million Pound Sterling Only). This sum will be
released to you by any of our payment offices in Europe. Our European
agents will immediately commence the process to facilitate the release of
your funds as soon as you contact them.
As part of our precautionary measure to avoid double claiming and
eradicate the unwarranted abuse of this program, you are advised to keep
your winning information confidential until your claims is remmited to you.
PLEASE MAKE SURE THAT YOU QUOTE YOUR BELOW WINNING PARTICULARS WHEN
CONTACTING YOUR CLAIMS AGENT:
Batch No: 70564943902/188
Winning No: FGNGB2701/LPRC
Claims Processing Agent
( Mon – Fri 8:00am – 6:00pm London Time )
For further clarification/verification of your claims, Please call on
any of our official numbers as stated in notification email:
Congratulations from me and the entire members of THE BRITISH LOTTERY.
Mrs. Tricia Moore
Online co-ordinator for THE BRITISH INTERNATIONAL LOTTERY
Sweepstakes International Program.
LAS VEGAS, NV–(Marketwire – June 13, 2007) – Symantec Vision 2007 — Symantec Corp. (NASDAQ: SYMC
) today announced the newest version of Symantec Information Foundation, an integrated Information Risk Management (IRM) product suite that builds on the company’s Security 2.0 strategy. Symantec Information Foundation delivers advanced controls to safeguard companies against data loss with unified protection for e-mail, Web and instant messaging (IM). The new solution, expected to be available this summer, enables information entering or exiting the organization to be archived, audited and discovered through a validated process that ensures proper chains of custody.
With IMlogic’s technology they will also be able to battle “SPIM” Spam on Instant Messanger which can get pretty bad.
NIST.gov, heidelberg university and others have been hacked by black hat spammers.
Lately I’ve been getting some spam that I consider a special treat. These are websites that have been exploited and used to promote spammy pharmacy products such as viagra and cialis.
I am not happy that victims are being used, I’m intriqued on how the spammers managed to get away with it.
This one comes from NIST.gov:
SPAM Hack of NIST.gov
I’ve been working with the U.S. Govt for a long time so I am familiar with the NIST. It is the National Institue of Standards and Technology: “Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department’s Technology Administration.”
When I thought that they might have been hacked, I immediately sent and email to the webmaster. But unfortunately they rejected my email.
Here is another hack attempt (this one unsuccessful):
Here is one is what looks like a division of Heidelberg University:
email I sent to Heidelberg Universtiy (translated with babelfish):
Ihr Aufstellungsort kann ausgenutzt worden sein:
Die Person, die dies getan hat, benutzt Ihren Aufstellungsort zu Spam andere Internet-Aufstellungsorte. Traurig über meinen Deutschen. Ich verwende babelfish.altavista.com, um zu übersetzen. Auf Wiedersehen
Here is another attempt on Kryten.murdoch.edu.au
As with any exploit, the spammers used a flaw in the webpage to post the data on victims webpages. The sad thing is that it can happen to anyone. Security Awareness is really the only defense one can have.
I have been getting a lot. I’ll update this when I get some good one.
Apparently, she is a lonely single woman who speaks english as a second language.
I googled “ludochek” and found this:
YOU SEARCH WOMAN? I’m single woman and i search man my mail: ludochekmy()gmail.com
I’m blond, 32y.old. If you search woman for pen pal and more write to me and i can send
to you my new pics and tell more about myself.
I use () instead @ for my email.
I post this message from this forum because i don’t have credit card and can’t use dating site.
If you want find a friend please write to me i am very lonely girl.
I wait your message to my email: ludochekmy()gmail.com but you must use @ Ludmila.
I wonder if date spamming works. I’ll do some research on this.
I get these paypal email scams ALL the time. It is really just one of so many phishing scams that put up mock versions of legitimate financial services and institutions such as Wells Fargo, Western Union, Bank of America and others in order to trick some of their customers into giving up usernames, passwords and account information.
Notice that the URL adress bar goes to IP: 188.8.131.52
This IP goes to somewhere in Australia and not PayPal. NEVER go to these mock sites and give your information. If you think something maybe wrong with your account after receiving an email make sure you open a NEW BROWSER and type the url in your self.