Thursday, March 17, 2016

Scam Email: Somebody just sent you a Paypal payment.

Here is a scam email I've been getting a lot lately. Annoying.

It's not even addressed to my email but some slight variation of my email.

Of course the intent is to get you to click on that link and give up important account information.

Don't do it! Always open a new fresh browser and manually log into Paypal yourself and see what is there. Never ever do it from an email link.

Subject: Jennifer Miller just sent you $3,182.00 USD with Paypal. Paypal recommends to withdraw it now.‏
From: Jennifer Miller (beer@codes.io)
Sent: Thu 3/17/16 3:10 PM
To:

Jennifer Miller just sent you $3,182.00 USD with Paypal. 
Click here to continue [points to a very non-paypal url when I mouse over it without clicking on it]
Best of luck!
Jennifer Miller




688698882 MARY MOSHER 1305 COUNTRY CLUB PL GALLUP MCKINLEY NM



Saturday, February 27, 2016

Fake Locked Bank Accounts

This scam has been running for decades but as more banks go digital and send email notifications and alerts, more customers are falling for these fake emails that look like official bank notifications but they are NOT.

They are an attempt by scammers to get your banking log on credentials so they can steal your money.

Here's a tip - never use your email in any part of your banking log on user name. It's just too easy for scammers to figure out or use software to guess. Remember, scammers are getting more sophisticated so they are gathering all kinds of social data and putting together "guesses" about people's information based on what they've been able to collect across all your social media accounts and activity. Don't make it easy for them.

And I know it's a pain... but get into the habit of changing your banking log in password on some kind of regular basis. Oh - and don't use your birthday date in your password or PIN number. Your email and your birth date are some of the first things scammers try.

Below is a sample scam email that actually had a file attached to it (which highly likely if it is opened would install a virus or more importantly a quiet piece of code on your computer which would monitor your keystrokes and what site you are on and getting your banking log in credential that way) so the age old advice of do not open attachments from emails unless you feel 1000% sure you know what that attachment is. With things like banks, I have recommended when in doubt CALL them first and ask if they really did send that email and attachment. Confirm before you take the risk.

How did I know this was a scam without checking? I don't have an account with Wells Fargo. But lots and lots of people do, so the odds that the scammer is going to email someone who does is quite high. And the odds that some unsuspecting person is going to trust that email and think Wells Fargo actually sent it is also high.

Scammers work by a number odds game.

The headers are all faked in this email and the scammer could care less about if you reply to this email and it goes back to Wells Fargo. They care about you opening that attached file so they can install something malicious on your computer or smartphone. And they also try to trick users into going to a fake page that looks exactly like a Wells Fargo log in page and get the unsuspecting user to enter their log in credential and when they hit the log in button, the scammer now has that user's log in credentials for themselves.

When I checked the full headers of the email, I saw these two lines, which were also indicators this was not a legitimate email:

Received: from imsantv98.netvigator.com (imsantv98.netvigator.com [210.87.247.9])
X-SPF-Check: 210.87.250.172 is not allowed to send mail from wellsfargo.com

I then googled netvigator spam and got all kinds of results of spam being sent from this domain.

For those who have Wells Fargo accounts and receive emails like this, those are some additional signals to look for.

By the way, Wells Fargo was in no way targeted. Scammers send this very same email out millions of times with every other bank name - trying to catch those who happen to bank at the bank name of the scam email sent to them. 

In this case, they missed their mark because I don't have an account with Wells Fargo.

From: Wells Fargo Bank Alert (customerservice@wellsfargo.com)
Subject: Wells Fargo Account Access Sign-In Alert
Dear Wells Fargo Customer,
Your access to Online Banking Service has been locked. Due to a miss-match access
code between your Security information..
As part of our security measures, Kindly open and download the attached file and
Follow the instructions on your screen. 
Thank you for helping us to protect you.

© 1999 - 2015 Wells Fargo. All rights reserved. NMLSR ID 399801

Thursday, July 17, 2014

Electronic Toll Road Collection Scam

Here is a new twist on a common scam - trying to steal your money, or at minimum the passwords to your accounts, by faking an email invoice to pay an electronic toll road fee.

Many toll roads now use fast passes as you pass through the booth. Many are set up to send invoices to those cars that do not have the fast pass or whose pass did not register properly. But these invoices are sent in the regular postal mail based upon the address of the registered car owner of that license plate. I've read that in San Francisco they are collecting millions of dollars this way. Scammers want in on that pot of gold. Personally, I have felt the board overseeing the Golden Gate Bridge to have an awful lot in common with scammers. But that's for another post. Let me get back to the topic at hand.

Scammers are now trying to fake these invoices in email hoping to trick people who don't know how these work or that they would never come in an email. They are called FastTrak here in California. E-ZPass is used in 14 different states (in some states it may be called something else but it rebranded from E-ZPass) including Delaware, Illinois, Indiana, Maine, Maryland, Massachusetts, New Hampshire, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Rhode Island, Virginia, and West Virginia.

So the scammers are not only targeting people who live in these states, they are targeting anyone who has also visited these states, even if it was awhile ago (they still might question if they owe something, not knowing how it all works). That's a pretty large pool of people.

They were not targeting me. I live in California and have not been to any of these states in any reasonable recent time. But scammers don't care. They are soulless beings. They have their way to send out millions of emails and they just hope enough people are tricked by the email and do not care about those who see it as an obvious fake. I'm guessing soon I'll receive an email using the name of the pass system used here in California. It's only a matter of time.

Here is what this email looks like:


the link goes to an obvious scam url but most people don't look at the url BEFORE they click on it. Best advice is DO NOT CLICK ON ANY LINKS IN EMAIL. There are other ways to find out if you really owe any toll fees... but really, you will be mailed something in the postal mail, not in email.

Don't fall for this one. Don't let the scammers win.

Saturday, April 12, 2014

Scam Email: Jon Wuan

Here's another classic Fake Buyer Scam email with a made-up name, disposable email account, and made-up story.

It is simple to avoid this scams - DO NOT wire any money to anyone for any reason! DO NOT help anyone out paying their (non-existent) shipper or "logistics agent". DO NOT accept any overpayments.

p.s. I love when the scammer says, "kindly explain what you are insinuating", clearly not having a command over the English language. A better use of the word 'insinuating' would have been, "Are you insinuating I am a scammer??" But then that would have blown his cover...

Here's a long thread sent to me that is representative of how these scammers work their formula.

Kathleen,
See below, I've been scammed before and here is another one see the email thread below

---------- Forwarded message ----------
From: Jon Wuan (wuanjon@yahoo.com)
Date: Wed, Apr 9, 2014 at 9:54 PM
Subject: There's a problem

(editor's note: of COURSE there is a problem, now, says the scammer to himself, I have to try and scam money out of my victim! Here comes the part of the scam you can easily avoid...)

Hi,
Thanks for you reply. Meanwhile, I don't know if i told you in my previous emails about plans by the sponsor to hire a prepaid translator/logistics agent who is supposed to carter for their transportation and accommodation and cars they would use while in your country. Now, due to the fact that the sponsor's location as an oil rig engineer, he won't be able to make another method of payment except via credit card, and he had contacted the translator to charge his credit card electronically, then deduct his fee and send you some money as deposit, but the translator replied and said he couldn't charge because he has no Point of Sale terminal, and he never disclosed this from the onset, so now we are confused and tired because we
supposed to deposit some money to you through the translator in order toenable you put somethings down.
Please kindly advise on what to do in order to get this problem tackled. If you can be able to charge the card electronically let us know, we might use you to charge the card and pay the translator through you and the sponsor has promised to compensate whoever that will help him in this ugly situation.
Looking forward to hearing from you.
Best,
Jon.

--------------------------------------------

Subject: Re: Deposit
To: "Jon Wuan" (wuanjon@yahoo.com)
Date: Tuesday, April 8, 2014, 10:58 PM

Okay

---------------------------------------------

On Apr 8, 2014, at 8:59 PM, Jon Wuan (wuanjon@yahoo.com)
wrote:

Hello,
I am happy to read your reply and i am letting you know now that the sponsor is OK with the cost since you organize one of the best dance workshop. However, in a short while, the translator/logistics would get back to you with deposit to enable you put some things on ground.
Thanks,
Jon.

 --------------------------------------------
Subject: Re: Dance Workshops
To: "Jon Wuan" (wuanjon@yahoo.com)
Date: Tuesday, April 8, 2014, 8:16 AM

The minimum I can pay my dance
instructors for 10 people is $200,
The Dance studio rental costs  $40 per hour

Thus each day is $720x21=$15120

We cannot do it any cheaper .

Out crew has the some of the best dancers in Hollywood who are all active and working in the film and tv industry .

Let me know what the client can afford and I can work with your budget .

----------------------------------------

On Apr 8, 2014, at 2:10 AM, Jon Wuan (wuanjon@yahoo.com)
wrote:

Hi,
Kindly explain what you are insinuating. We need 21 days for the workshop. Thanks.

--------------------------------------------

Subject: Re: Dance Workshops
To: "Jon Wuan" (wuanjon@yahoo.com)
Date: Tuesday, April 8, 2014, 1:06 AM

If we do fewer than 21 days , we could do 14 days ?

----------------------

On Apr 7, 2014, at 9:45 PM, Jon Wuan (wuanjon@yahoo.com) wrote:

Hi, the sponsor said that the amount is exorbitant, could you give him some discounts?

--------------------------------------------

Subject: Dance Workshops
To: "jonwu564@gmail.com"
Date: Saturday, April 5, 2014, 10:06 AM

Hello Jon !
I love Vietnam and have been there my self to perform with Linda last year in Hannoi! My Dance company is very versed in many styles of dance.
We can teach :
Hip Hop Dance ChoreographyJazz
FunkHouse Dancing Break
Dancing PoppingLocking Whacking/Punking
ContemporaryLyricalSwing
Dancing / partner
dancing BalletTricks and
FlipsMartial Arts

21 days would be great! We have a studio we work out of  for 10 students three hours a day for 21 days
Studio rental= $120 per day
Dance instructor per day 3 hours  $600
Total per day = $720
21 days total is = $15120

Perhaps we can do fewer than 21 days to fit in your schedule?
 
Here are some photos of our crew.  Members of our crew work in Tv, Movies , Commercials in Hollywood. We have all worked  with Artists like Pink, Avril Lavigne, Rihanna, Britney Spears, and have appeared in  movies like Step Up and shows like Dancing with the Stars and So You Think You Can Dance!

Saturday, March 1, 2014

Real Job or Scam Job?

Can you tell if this is a real job offer or a scam job offer?
Received: from [98.129.184.12] ([98.129.184.12:38165] helo=smtp18.gate.dfw1a)
    by smtp11.gate.ord1b.rsapps.net
    (ecelerity 2.2.3.49 r(42060/42061)) with ESMTPS (cipher=AES256-SHA)
    id 48/2F-08587-743D1135; Sat, 01 Mar 2014 07:32:07 -0500
X-Originating-Ip: [114.45.231.130]
Received: from [114.45.231.130] ([114.45.231.130:24988] helo=114-45-231-130.dynamic.hinet.net)
    by smtp18.gate.dfw1a.rsapps.net
    (ecelerity 2.2.3.49 r(42060/42061)) with ESMTP
    id 87/65-09367-443D1135; Sat, 01 Mar 2014 07:32:07 -0500
Date: Sat, 01 Mar 2014 27:31:58 +0700
To:
Subject: Job Information

We are offering a shipping manager assistant position.
We are offering a distant job.

The job routine will take 2-3 hours per day and requires absolutely no investment.
You will work with big shops, suppliers, factories all around the States.
The communication line will flow between you and your personal manager, you will receive orders via email and phone,
and our trained manager will be with you while every step to help you to work out first orders and answer any questions which may appear.
The starting salary is about ~2800 USD per month + bonuses.

You will receive first salary in 30 days after you will successfully complete your first task.
When the first working month will be over you will have a right to receive salary every 2 weeks.
The bonuses are calculated on the very last working day of each month,
and paying out during a first week of the next month.

We will accept applications this week only!
To proceed to the next step we should register you in HR system so we will need a small piece of your personal information.

Please fill in the fields:
Full_name:
Phone_number:
Email_address:
City_of_residence:

We need your personal information to create HR file only,
it will stay secure on the separate server till the moment it will be deleted (which take place every 2 days),
and only HR people will have access to it.

Please send your answer to my secured email cv@seekcousa.com
 I will reply you personally as soon as possible.

Sincerely,
Lincoln

Thursday, June 20, 2013

Craigslist Apartment Scam

You must be careful when looking for apartments to rent on Craigslist. Craigslist is FLOODED with scammers. Some pretend to be buyers and try and trick people to wiring them money (they pretend to buy, then overpay, then say oops - send the extra back via wire transfer, when the original payment all along was counterfeit) or they pretend to be sellers and have NOTHING to sell, but just make up ads and steal photos from elsewhere on the internet or on Craigslist. In the apartment scam, they try to get upfront deposits for apartments that exist but they have no association with - and no ability to rent or not rent.

Here is a CLASSIC setup in Craigslist. The potential victim (who luckily did not become a victim) replied to an ad for an apartment for rent on Craigslist. Not only do they go for that upfront payment, they also try and collect a lot of identity information while they are at it.

How to avoid this? NEVER ever ever ever do wire transfers. That is how these scammers get money in these scams. Once they pick up that wire transfer (which they do VERY quickly), the money and the scammer are untraceable - and gone.
From: Lucas Wesley (wlucas89@yahoo.com)
Subject: Re: - $530 Room & Private Bath-Available (berkeley)

Thanks for your interest in my apartment. The apartment is available for long term & short term lease is also acceptable. The building is in a great location situated in the quiet and safe area and offers secure .

Its a spacious and lovely 2-bedroom fully furnished apartment with utilities included. The kitchen is well equipped.Utilities and Equipments: Kitchen well equipped(microwave oven, Dish washer, blender, Cocktail mixer, Sandwich maker, stove e.t.c), all utilities included such as Internet facilities,Parking space, e.t.c

I tried to look for an agent that I could give the document & the keys before I left but could not find any as a matter of urgency. And I don't want home misused in my absence that is why I took the keys and documents along with me. So I hope you will promise me to take very good care of the apartment always.

I have the keys and the apartment documents here with me and I will be shipping it to you through DHL courier service after processing your application form. Attached are the interior pictures and if you like it and willing to proceed with the rental. I will like you to fill the form below and email it back to me asap for processing.

RENTAL APPLICATION FORM

FIRST NAME:__________
MIDDLE NAME:__________
LAST NAME:__________
(CELL)PHONE__________
(HOME)PHONE__________
KIDS _____ (YES/NO), HOW MANY ________
PRESENT ADDRESS: _____________________
CITY: _______________
STATE:______________
ZIP CODE: ____________
WHEN DO YOU INTEND MOVING IN? ______________
HOW LONG DO YOU INTEND STAYING? ____________
HOW MANY MONTH RENT ARE YOU WILLING TO PAY UPFRONT_________
DO YOU HAVE PET _________
KIND OF PETS: _____________
HABITS
DO YOU SMOKE ______________
DO YOU DRINK ______________
DO YOU WORK LATE NIGHT _________
REFERENCE
NAME_____________
ADDRESS_____________

Payment will be through wire transfer (Western Union Money Transfer/ Money Gram) and the keys will be shipped to immediately payment as been confirmed.

Once i received the filled copy of the rental application form, I will make an arrangement on how to get the apartment keys and documents shipped to you through DHL courier service without any further delay.

I await your swift response.

Regards
Lucas

Sunday, June 16, 2013

Fake Email Quota Limit Scam

Here is a scam email I received this morning. Notice how the Reply-To goes to anti-spam.org. That not only makes the email seem more legitimate to the unsuspecting and non-technical person but all the people who will reply will muck up the bandwidth of the anti-spam.org server so the scammer is getting two birds with one stone.

The headers also revealed that they likely used a hijacked hotmail account to send out this spam. So they can not be tracked down.

Their real goal is to get readers to click on that link and then bad things will happen - some thing bad will download to your computer, or they will try and collect all your account info, so they can send out more scam emails through your hijacked email account. Or both. 

From: Webmail Technical Services. (info@usa.com)
Reply-To: (noreply@anti-spam.org)
Return-Path: info@usa.com
Subject: IMPORTANT INFORMATION IN YOUR WEB-MAIL USER‏

WEBMASTER EMAIL ACCOUNT UPGRADE

ATTENTION WEB-MAIL USER.

Your E-mail Box has reached its maximum limit of  500MB storage and your account will be deactivated if you do not upgrade it now. To upgrade your web-mail account, kindly click on the below link and follow the instructions to upgrade space for more storage.

CLICK HERE :  http://nlintu.com/spmsecurity-activate/

Your account shall remain active after you have successfully confirmed your account. Failure To Click This Link And Upgrade Your Quota May Result In Loss Of Important Information In Your Mailbox/Or Cause Limited Access To It.

Thank you for your cooperation.
Webmail Technical Services.

Saturday, June 8, 2013

Scam Email: Janet Roberts

Lately, I've been receiving a lot of emails from people selling Avon, Herbalife, Mary Kay, Amway, Melaleuca, Tupperware or Arbonne - the scammers seem to be targeting this demographic lately, hoping these independent sellers will fall for their fake buyer scam.

In the Fake Buyer Scam, the scammer will pretend to buy items and then send a counterfeit check. They will *always* overpay for the order, asking that the extra be sent to a shipper or some other third party. And there will be some weird reason why it is necessary to send that extra via wire transfer. Sometimes they just say they sent too much by mistake and please send the extra back via wire transfer. Whatever the reason the critical factors of this scam are overpayment and wire transfer. It is just the scammer at the other end of that wire transfer and once they pick up the money, they - and the money, are untraceable and gone. They hope to get their victims to wire that money before they figure out the original check is fake and the bank will withdraw the entire amount from your account.

Variations of the counterfeit check are: stolen credit card numbers not yet reported as such so there is a delay before you receive the chargeback, and even some will pretend to pay by paypal and send you a fake copycat email of a paypal payment confirmation email (and you'll be surprised at how many people believe that fake email and go ahead and wire the money, never manually checking their paypal account to see no money has, in fact, been paid).

Often these scammers have poor sentence structure and misspellings but another clue is they seem to ignore your questions and just reply with their "template" of what the next step in the scam is. it is too much effort to actually pretend to be a real buyer at this point - people are either going to fall for the scam or not. And sadly, enough people ARE falling for the scam, that they don't yet need to try any harder than they do now. It is sad.

But really, it is easy to avoid falling for this scam. DO NOT accept any overpayments. These are not tiny overpayments - they are significant. And NEVER EVER EVER wire money in behalf or back to any customer. EVER. Simple. Avoid these two things and you will not fall for this scam.

Here is an example of an exchange with a scammer recently sent to me that highlights how these emails typically go. It ends because Becky then got suspicious and googled Jane Roberts and found all the other people who have received scams from "Jane Roberts" (name has been faked, it is very likely to be some dude in Nigeria or some other foreign country).
From: Becky
To: janetrobert101@yahoo.com
Sent: Thursday, June 6, 2013 12:15 AM
Subject: Arbonne

Hi Janet,
I received an email from Arbonne about you being interested in Arbonne products.  What is the best way to reach you?
thanks,
Becky
Next Email:
On Jun 6, 2013, at 2:22 AM, janet robert [janetrobert101@yahoo.com] wrote:

Below is the lists of my inquiry.

2 of collagen support #817
1 of Makeup primer #7825
5 womans balance #1995

Kindly advise back as soon as possible with the quotes excluding the shipping costs from it. We will be responsible for the pick up of the order at your location once the payment is confirmed. My shipper will be making the pick up arrangement once i get the receipt of the payment from you .

Hope to read from you soon.

Best Regards
janet robert
Next Email:
On Jun 7, 2013, at 4:22 AM, janet robert [janetrobert101@yahoo.com] wrote:

Greetings to you and thanks for your response. I will like you to kindly get back to me with the information below for the payment of the Arbonne to be mailed out Am so sorry,i don't have a credit card nor debit card. I can only make payment with a Cashier-Check drawn and cashable at any bank. If accepted, kindly advise back with information such as :-

Physical Name :-
Address :-
City :-
State :-
Zipcode :-
cell Number :-

I will be waiting to read from you soon for the payment of the order to be mailed out. Kindly get back to me . Hope to work with you on future orders.

Regards
janet robert
Next Email:
From: Becky
To: janet robert [janetrobert101@yahoo.com]
Sent: Friday, June 7, 2013 5:10 AM
Subject: Re: Arbonne the check

Good morning.  I need to get your information to complete the order- name, address, and email address.    Thanks

Becky
Next Email:
From: janet robert [janetrobert101@yahoo.com]
Date: June 8, 2013, 4:26:01 AM EDT
To: Becky
Subject: Re: Arbonne
Reply-To: janet robert [janetrobert101@yahoo.com]

send me your info so that i can get the check sent right away...........

Thursday, May 2, 2013

Fake Work at Home Job Scam

Here is an excellent example of a scammer job ad. It's actually well written - looks like a real job ad. Okay, the fake last name isn't how that would be particularly spelled, but the sentence structure - while not great, isn't a total mess like most scammer emails. It will fool some people. Notice the misspelling of the domain name (it's missing an 'o'). I looked it up and it was created March 22, 2013, just in time to send out his scam email to hundreds of thousands of people. And of course, the WHOIS is protected. Mustn't find out who the scammer really is. Type in the web address and it delivers a 403 forbidden which means the scammer hasn't quite worked out how to make their fake website work properly yet.

It is a job scam.

How does this scam work?

Well, it would appear the job "opportunity" is a variation of a mystery shopper. It doesn't say this but my guess is eventually they will ask the victim to "test" the client's payment system by ordering something and writing up a review of the order process. Sometimes, the greedy scammers, will ask this payment be wired (and then that money is really going directly to the scammer) and sometimes they will have the victim receive money and send it elsewhere via wire transfer. At this point, the victim is money laundering. The scammer will tell the victim they will be reimbursed when they get paid - it will be their pay plus any money they spent testing the clients.

But a day or two before the pay check is supposed to be sent, the scammer disappears and moves on to hire another victim.

I am not looking for a job but lots of people are - so the odds of them sending this to someone who would love to make $35k working from home and is desperate or just not knowledgeable about these scams... they are going to end up victims.

PLEASE don't be one.

From: Tim Sheilds (info@emplymentopps.com)
Reply To: timsheilds@acerqc.com
Return Path: (b1@emplymentopps.com)
Subject: Need a Job Still?

Hi This is Tim Sheilds from Acerqc.com

I`m wondering if you are still looking for work as we have a opening , the position is working in our quality control division of our call center.

Basically you will be doing what I like to call reverse telemarketing where basically your going to be calling telemarketing companies up and seeing how they handle your call, You then write a report about if the person was knowledgeable about the product they were selling or how nice the person was on the phone or did they make you want to order the product etc etc.

The position pays 35k to start you can work at home and will be paid by direct deposit or check every week, check out our site you can see we are a good company to work with and if you feel you would like to apply for the position then reply back to me and I`ll get you started.

Hope to hear from ya soon

Tim Sheilds
Hiring Manager
Acerqc.com

Your email client cannot read this email.
To view it online, please go here:
http://emplymentopps.com/inter/display.php?M=1506600&C=27aab55a3449f61184b77098fd620c19&S=9&L=8&N=3

To stop receiving these
emails:http://emplymentopps.com/inter/unsubscribe.php?M=1506600&C=27aab55a3449f61184b77098fd620c19&L=8&N=9

Powered by Interspire

Tuesday, April 30, 2013

"Did you log into Facebook from somewhere new?" Facebook Email

Many of my friends are receiving this email. Is it a phishing scam email or not?

From: Facebook <notification+i-m5m7hi@facebookmail.com>
To: Elaine
Sent: Tuesday, April 30, 2013 1:25 AM
Subject: Did you log into Facebook from somewhere new?

Dear Elaine,

Your Facebook account was recently logged into from a computer, mobile device or other location you've never used before. For your protection, we've temporarily locked your account until you can review this activity and make sure no one is using your account without your permission.

Did you log into Facebook from a new device or an unusual location?

- If this was not you, please log into Facebook from your computer and follow the instructions provided to help you control your account information.

- If this was you, there's no need to worry. Simply log into Facebook again to get back into your account.

For more information, visit our Help Center here:
http://www.facebook.com/help/account_recovery

Thanks,
Facebook Security Team

One way to know it is not a phishing email is to open a new browser window, log in to your facebook account (not from any links in the email!) and the alert should pop up again. Whether the alert pops up again or not, it would be my recommendation to go in there and change your password. And don't pick something stupid simple like "password123" or english words easy for a software to guess by running through combinations.

Wednesday, April 24, 2013

Scam Email: Eric Anderson

Hi Kathleen,

I'm a small publisher in Sydney, Australia. I also got one from Eric Anderson, same format as all the others. My gut told me to do a search and I came across this site. Armed with this information, I wrote the following to "Eric Anderson":

- - -

Hi Eric,

Cost of Order = $1260
Cost of shipping = $420
Total cost = $1680

I spoke to my bank today and they said they cannot accept a credit card order from the Philippines without a scan of your passport (lots of scams from your country, I'm afraid). So if you can send that through as a jpg, I'll be grateful. Alternatively, you can send the money via Western Union (I use this method all the time for orders from Russia).

Please let me know how you'd like to proceed.

- - -

Saturday, April 13, 2013

Scam Fake Email from U.S. Treasury

It's tax time. The number of fake scam emails I'm getting that pretend to be coming from the IRS or the U.S. Treasury is astounding. They are ALL fake. These government departments do NOT initiate contact via email! Ever!

The approach the scammer uses below is an effective one - provide so little detail that the user is compelled to click on the attachment just to figure out what the email is about and if it is legitimate. And once they click, it is too late. DO NOT CLICK ON ANY ATTACHMENTS in emails that appear to be from the IRS or other government agencies.

I recommend looking at the "message source" and finding the REPLY-TO address and see what that says. What does it say in this case? boainfo@superposta.com. Not exactly the U.S. Treasury. I then usually look for another field, to see where the email may have been routed from. But in this case, that didn't help as the scammer was able to hijack using yahoo mail. Probably hacked into someone's account.

Okay, here is what it looks like. It's simple, but it does get people to click on the attachment and that is where the trouble begins for the user. So don't click on any links in these types of email.
Subject: YOUR COMPENSATION FUNDS TRANSFERRING TO YOUR REPRESENTATIVE (MRS. JOYCE SMITH), RECONFIRM TO PROCEED‏
From:    U.S Treasury Office (desk.ci@vf.vc)
Sent:    Sat 4/13/13 5:16 PM
To:    
   
Attachments:     1 attachment | Download all as zip (2.0 KB)
    The details.txt (2.0 KB)
   

Parts of this message have been blocked for your safety.

View the file for your message details.














Tuesday, April 2, 2013

Scam Email: Facebook Online International Lottery

Here is a scam email that oddly uses the address of the fake FBI scam (as their email address), the use of Facebook (as the brand name to create legitimacy), tries to time it as an Easter email (but then sends it 2 days after Easter) but then launches into the story of a fake lottery scam. This scammer really ought to decide which scam he is running!

Lots of people still fall for the fake lottery scam. You can NOT win a lottery you did not enter! And the winning amount in these fake scam emails is always more than is reasonably true. That they try to overwhelm people with details doesn't mean it isn't ALL made up. Do not fall for this.


From:Facebook (info@fbi.gov)
Subject: Congratulations and Happy Easter Celebration‏
Reply-To: (facebookwinnersdepartment11@gmail.com)

Facebook Online International Lottery
From: The Desk Of the President.
International Promotions / Prize Award.
Category: 2nd
 
Greetings to you Dear lucky winner. We are pleased to inform you of the result of the just concluded annual final draws held on the 12th of March 2013 by Facebook group in cash promotion to encourage the usage of Facebook worldwide. Your name was among the 20 lucky winners who won $950.000.00USD (Nine hundred and Fifty Thousand United State Dollars) each on the Facebook group promotion award attached to Lucky Number (FB-225-7736), Ticket Number (FB-172-60), Batch Number (FB-0281/544) and Serial Number (99352748-2013).
 
The online draws was conducted by a random selection of emails you were picked by an advanced automated random computer search from the Facebook in other to claim your $950.000.00usd the lottery program which is a new innovation by Facebook, is aimed at saying a big thank you to all our users for making Facebook their number one means to connect, communicate, relate and hook up with their families and friends over the years.
 
This is part of our security protocol to avoid double claiming and unwarranted abuse of this program by some participants and scam artists all participants were selected through a computer ballot system drawn from over 20,000 companies and 30,000,000 individuals email addresses from all over the world. This promotional program takes place every three years. You may be rest assured that this is real and legal. There are some scam artists around but thanks to the FBI, 216 of them have been arrested.
 
You are required to contact the head of our disbursement department in the person of Mr. Lincoln Howard via this email address (facebookwinnersdepartment11@gmail.com) with information below for the complete processing of your Winning certificate and further information regarding the disbursement of your lottery winnings.
 
Full Name:
Contact Address:
Mobile Number:
Occupation:
Marital Status:
Sex:
Age:
Country of Residence:
Nationality:
Lucky Number:
Ticket Number:
Batch Number:
Serial Number:
Your Email Address:
 
Furthermore, if there is any change in email addresses please contact us on time. Do not reply to this email, Contact the disbursement department with the email provided above.
 
Note: if you are not interested please do not bother to reply.
 
Thanks and more Congratulations!
 
Regards,
Mr. Wright Jones
Announcer.

Tuesday, March 12, 2013

Free Kindle Books 03/12 & 03/13

I've been working for years to help people not fall victim to Internet scams. I equate scammers to cockroaches - you can never completely eradicate them but you can reduce their intrusion into your life online. I continue to use the Internet with blogs, Facebook pages, Twitter accounts and my book series so that there may be fewer online scam victims.

I have a free promo running on Amazon today, March 12th, and tomorrow, March 13th, for Volume 2 - "Social Media Scams". It is a guidebook to help protect you (or someone you love) from all the different variations of scams running on Facebook, Twitter, Craigslist, YouTube, eBay, and more. Provides a chapter on how all the social media platforms got started and lots of description and advice on scams for all the top social websites. Also includes advice about those pesky fake people on dating sites.

Download today! Or get your loved ones to download a copy...

Help spread the word about how to avoid social media scams.

http://www.amazon.com/Social-Media-Scams-Yourself-ebook/dp/B00B1DQOZK/

Kathleen

Monday, March 11, 2013

Common Tax Scams

It's tax season the U.S. That means scammers have a particular target this time of year, to see if they can trick more people into clicking on links, landing on fake pages, and forwarding money via wire transfer. The scammers will target low-income people and senior citizens, but really - they often just play a numbers game - sending out hundreds of thousands of emails and just working the percentage of people who reply to their first email. Or click on the links in their first email.

And right behind the scammers, out purely for your information or cash, are the slimy businesses out to make a buck by promising a better return (they will sometimes do this by filing deductions you are not actually qualified for). And the scammers pretending to be an IRS agent or a former IRS agent and charging money for special information they know (they typically are not associated with the IRS at all).

The IRS will NEVER contact taxpayers by email, text message or social media to request personal or financial information. They just don't do this. So don't believe anyone telling you otherwise. The IRS contact is done by postal mail.



The IRS also does not initiate phone calls to people. That will also be a scammer. Some of these calls will claim to have a refund ready for you and ask you to call them back. The goal will be to collect your bank account information. Their cover story will be so they can deposit the money there. But once they have your bank account info, they will go online and clean it out. They may ask for your credit card info for "security reasons" and then start making charges on it. Some will say there is a mistake on your return and they need to discuss it. Don't give them ANY information until you verify who they are through independent sources. Really, the IRS works by regular "snail mail". If someone calls you on the phone claiming to be from the IRS, ask them for your name and social security number. A scammer won't know this and that will end the conversation immediately.

And if you are not sure, never provide ANY information, ask for a number to call them back on (say you are busy or something), and then go look up the REAL IRS phone number (1-800-829-1040) and call and ask if that call could be legitimate. But really any time someone initiates the first call and says they are from the IRS.... is not from the IRS. That is easy to remember.

Sunday, March 10, 2013

Beware of Fake Facebook Emails

Lately, I've been receiving an inordinate amount of phishing emails that look like they are coming from Facebook. I have 'new Facebook messages', my Facebook account 'has been suspended', I have a message from the 'Facebook IT department', Facebook 'Support' is emailing me, and I have Facebook 'notifications' waiting to check. I've already written a blog post about fake Facebook emails back in January but I've noticed a spike in how many I've been receiving lately.

All I can think is something must be working about these emails for scammers and a zillion of 'em have rushed into use this version of the phishing scam. I am actually getting probably 10-15 of these specific ones a day now. Geez.

My advice is to check your privacy settings and what you have enabled to be notified on and be VERY careful before you click on ANY button or link in ANY email notification, make sure it is not a phishing email. Better advice is to just never click on the links and button in these emails, but open a new browser window and log into Facebook yourself and see what messages you have there.

I'll paste an example below but there may be different variations. Just be wary of ALL of your Facebook notification emails.

(oh, and the buttons and links in this fake email actually take you to http://58.120.227.149/~hafis/dissenting.html?fbuserid=katiemoe   so notice how they are actually tracking me and my relationship to my facebook account if I DO click on anything - I'm guessing they will trick people into providing their password by presenting a fake 'log in again' page. But I'm NOT going to click on it to even find out for you. And you shouldn't try it either - who knows what terrible things can download in the background unbeknownst to you while you are staring at their fake page)

From: Facebook IT Department [hedquist@abraminterstate.com]
Subject: You have a new direct message from Facebook IT Department


facebook
You have a new message from Facebook IT Department.

Your profile is not configured.
View Notifications
Go to Facebook
This message was sent to katiemoe@xxxxx.xxx. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Here's another one (the links and buttons this time go to:http://km.ur.ru/relics.html?fbuserid=katiemoe (do NOT click on this link!!!)

From: Facebook Technical Support [ablfm@stockpoint.com]
Subject: You have a new direct message from Facebook Technical Support

 facebook
You have a new message from Facebook Technical Support.

Your profile has been successfully updated.
View Notifications
Go to Facebook
This message was sent to katiemoe@xxxxx.xxx. If you don't want to receive these emails from Facebook in the future, please click: unsubscribe.
Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

Wednesday, February 13, 2013

Top 10 Email Scams Selected Reviewer's Choice for February

A proud moment for me. I just received notification from the Midwest Book Review that my first book, Top 10 Email Scams, was February's number one Reviewer's Choice for their Small Press Bookwatch. Yea!

Now my book can be made available to libraries and other academic collections, which I think is a good additional place for my book to be.

Here is a link to the Midwest Book Review page: http://www.midwestbookreview.com/sbw/feb_13.htm

And here is the review in its entirety:


Reviewer's Choice

Top 10 Email Scams
Kathleen McMahon
KTMObooks
1450 Chestnut Street #102
San Francisco, CA 94123
9781938831003 $14.95 KTMObooks.com

Volume one of the "Internet Scams Reveals Series", Top 10 Email Scams: Detect & Protect Yourself from Online Scams is an absolute "must-read" for anyone and everyone who makes use the Internet, whether for professional commerce or simply emailing their friends. Chapters explain in plain terms some of the most common online con games. For example, in the "Fake Buyer" scam, the criminal pretends to buy goods and "overpay" with a certified check or credit card, and requests the seller to wire the difference (typically via Western Union or MoneyGram) to them or their "shipping company". By the time the seller's bank determines that the certified check is a fake, or that the credit card number was stolen, the seller is on the hook for the entire amount and the scammer has disappeared with all the wired money. "Do NOT do wire transfers. Period. No Western Union, no MoneyGram. Don't accept wire transfers as any part of a transaction (especially you forwarding extra money via wire transfer) and you'll avoid a lot of purchase-related and check-cashing email scams." Other scams covered include identity theft, "phishing" (tricking people into entering their passwords into fake websites, etc.), dating scams, lottery scams, and more. Plain terms and sample fraudulent emails help make Top 10 Email Scams crystal clear to readers of all backgrounds. A wealth of valuable tips and tricks for avoiding scams, a "don't panic" list of steps to take when one has been scammed, and glossary of common terms concerning Internet fraud round out this invaluable guide, worthy of the highest recommendation for modern library collections. In today's digital age, Volume 2: Social Media Scams and Volume 3: More Email Scams should also be required reading for the general public!

Friday, February 1, 2013

Facebook Scam: Notice of Settlement of Class Action

This scam has a few things going for it. One is the fake email address they are using: facebookmail.com. Close enough to trick people who are either not paying close attention or might convince themselves this sounds like an email address facebook would own, right? Wrong. Secondly, the email is long and VERY legal sounding and the scammer used a recent hot-button issue pissing off facebook users: sponsored stories. So to the uninitiated, it sounds plausible. And that is what the scammer is hoping for.

This scam has several goals but the main one is data collection. In order the "enter" this class action settlement, you are going to have to give up all kinds of information and a casual unsuspecting person might think that makes sense and that is where the scammer has the victim tricked. The info will not be going to facebook but all of it to the scammer - your login, your social security number, your address - everything they can get you to voluntarily give up.

Facebookmail.com is a scammer's email and there is no settlement of class action against sponsored stories. DON'T FALL FOR THIS ONE!

From: legalnotice (legalnotice@facebookmail.com)
Sent: Sat 2/02/13 12:27 AM
Reply-to: noreply [noreply@facebookmail.com]
Subject: Re: LEGAL NOTICE OF SETTLEMENT OF CLASS ACTION

NOTICE OF PENDING CLASS ACTION AND NOTICE OF PROPOSED SETTLEMENT
ANGEL FRALEY V. FACEBOOK, INC.
You are receiving this e-mail because you may have been featured in a "Sponsored Story" on Facebook prior to December 3, 2012.
A federal court authorized this Notice. This is not a solicitation from a lawyer.
Why did I get this notice? This Notice relates to a proposed settlement ("Settlement") of a class action lawsuit ("Action") filed against Facebook relating to a particular Facebook feature called "Sponsored Stories." According to available records, you may be a "Class Member."
What is the Action about? The Action claims that Facebook unlawfully used the names, profile pictures, photographs, likenesses, and identities of Facebook users in the United States to advertise or sell products and services through Sponsored Stories without obtaining those users' consent. Facebook denies any wrongdoing and any liability whatsoever. No court or other entity has made any judgment or other determination of any liability.
What is a Sponsored Story? Sponsored Stories are a form of advertising that typically contains posts which appeared on facebook.com about or from a Facebook user or entity that a business, organization, or individual has paid to promote so there is a better chance that the posts will be seen by the user or entity's chosen audience. Sponsored Stories may be displayed, for example, when a Facebook user interacts with the Facebook service (including sub-domains, international versions, widgets, plug-ins, platform applications or games, and mobile applications) in certain ways, such as by clicking on the Facebook "Like" button on a business's, organization's, or individual's Facebook page. Sponsored Stories typically include a display of a Facebook user's Facebook name (i.e., the name the user has associated with his or her Facebook account) and/or profile picture (if the user has uploaded one) with a statement describing the user's interaction with the Facebook service, such as "John Smith likes UNICEF," "John Smith played Farmville," or "John Smith shared a link."
What relief does the Settlement provide? Facebook will pay $20 million into a fund that can be used, in part, to pay claims of Class Members (including Minor Class Members) who appeared in a Sponsored Story. Each participating Class Member who submits a valid and timely claim form may be eligible to receive up to $10. The amount, if any, paid to each claimant depends upon the number of claims made and other factors detailed in the Settlement. No one knows in advance how much each claimant will receive, or whether any money will be paid directly to claimants. If the number of claims made renders it economically infeasible to pay money to persons who make a timely and valid claim, payment will be made to the not-for-profit organizations identified on the Settlement website at www.fraleyfacebooksettlement.com (if clicking on the link does not work, copy and paste the website address into a web browser). These organizations are involved in educational outreach that teaches adults and children how to use social media technologies safely, or are involved in research of social media, with a focus on critical thinking around advertising and commercialization, and particularly with protecting the interests of children.
In addition to monetary relief, Facebook will (a) revise its terms of service (known as the "Statement of Rights and Responsibilities" or "SRR") to more fully explain the instances in which users agree to the display of their names and profile pictures in connection with Sponsored Stories; (b) create an easily accessible mechanism that enables users to view, on a going-forward basis, the subset of their interactions and other content on Facebook that have been displayed in Sponsored Stories (if any); (c) develop settings that will allow users to prevent particular items or categories of content or information related to them from being displayed in future Sponsored Stories; (d) revise its SRR to confirm that minors represent that their parent or legal guardian consents to the use of the minor's name and profile picture in connection with commercial, sponsored, or related content; (e) provide parents and legal guardians with additional information about how advertising works on Facebook in its Family Safety Center and provide parents and legal guardians with additional tools to control whether their children's names and profile pictures are displayed in connection with Sponsored Stories; and (f) add a control in minor users' profiles that enables each minor user to indicate that his or her parents are not Facebook users and, where a minor user indicates that his or her parents are not on Facebook, Facebook will make the minor ineligible to appear in Sponsored Stories until he or she reaches the age of 18, until the minor changes his or her setting to indicate that his or her parents are on Facebook, or until a confirmed parental relationship with the minor user is established.
YOUR LEGAL RIGHTS AND OPTIONS IN THIS SETTLEMENT
SUBMIT A CLAIM FORMThis is the only way to be eligible to receive a payment, if the Court orders payment to Class Members.Deadline: May 2, 2013
EXCLUDE YOURSELFThis is the only option that allows you to retain the ability to file your own lawsuit about the legal claims in this case.Deadline: May 2, 2013
OBJECTWrite to the Court about why you object to (i.e., don't like) the Settlement and think it shouldn't be approved.Deadline: May 2, 2013
GO TO THE "FAIRNESS HEARING"
The Court will hold a "Fairness Hearing" to consider the Settlement, the request for attorneys' fees and expenses of the lawyers who brought the Action ("Class Counsel"), and the class representatives' request for service awards for bringing the Action.
 
You may, but are not required to, speak at the Fairness Hearing about any Objection you filed. If you intend to speak at the Fairness Hearing, you must follow the procedures stated on the Settlement website to notify the Court and parties of your intent when you serve your Objection.
Hearing Date: June 28, 2013 at 10:00 a.m.
DO NOTHINGYou will not receive a payment, even if the Court orders payment to Class Members. You will also be giving up your right to bring your own lawsuit related to the claims in the Action. You may be eligible to receive the non-monetary benefits of the Settlement, if the Settlement is finally approved.No deadline
Your Class Member Number: 707550672
To Parents and Guardians of Children on Facebook: The Settlement also involves the claims of minors featured in Sponsored Stories on Facebook. Please see the Settlement website for more information.
More information? For more information about the Settlement and how to take the actions described above, please visit www.fraleyfacebooksettlement.com (if clicking on the link does not work, copy and paste the website address into a web browser) or write to the Settlement Administrator at Fraley v. Facebook, Inc., Settlement, c/o GCG, P.O. Box 35009, Seattle, WA 98124-1009, or GCG@fraleyfacebooksettlement.com. You may also contact Class Counsel, Robert S. Arns of the Arns Law Firm, by calling 1-888-214-5125 or by emailing fb.settlement@arnslaw.com.   

Wednesday, January 30, 2013

Facebook Scam ALERT! Free Southwest Airline Tickets

There is a virus spreading like wildfire on Facebook tonight. The scam offers free southwest airline tickets BUT when you click, it spreads the virus to other people on your friends list, and the landing page is malicious, probably downloads spyware and definitely tries to put the victim through multiple questionnaires and surveys - collecting as much information as they can for identity theft and/or trying to ascertain passwords to banking accounts.

DO NOT CLICK ON IT when you see it on Facebook. DO NOT CLICK!

You can report it to Facebook as a spam or just ignore it. But do not click on it. It will only spread further.

Here is what one looks like on my wall:


You can learn more about protecting yourself from social media scams with this book, Social Media Scams, now available on Amazon.

Free Signed Book Giveaway Feb 4-7, 2013

Please feel free to enter my book giveaway contest on GoodReads.com

http://www.goodreads.com/giveaway/show/43422-social-media-scams-protect-yourself-on-facebook-twitter-ebay-more

I've been helping people for years avoid online scams and I wrote <i>Top 10 Email Scams</i> and <i>Social Media Scams</i> to help spread the word further on how to avoid Internet scams. I want to continue my crusade to reduce the number of victims from these criminals.

This giveaway focuses on my second book, in printed book format, in the series. In <i>Social Media Scams</i> you will learn to recognize and avoid all the top scams currently in use online - it covers scams on Facebook, Twitter, eBay, Craigslist, dating sites and more. It will be a signed copy. It is 220 pages.

The contest is from February 4 through February 7, 2013.

Stay safe out there!