Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.


News: FTC (USA) takes action against some "Work at Home" scammers

One of the categories of job scam is the one where you are asked to pay a fee to get a work-at-home kit, or some kind of useful information on how to work at home. Any kind of up-front fee or need for a credit card should make you think "likely scam" without further ado. The good news is that some legal action is being taken against these scammers: the FTC has just announced seven new cases being brought against businesses using allegedly deceptive and illegal techniques to sell "job opportunities" of various sorts. You can read the FTC press release, or a nice summary at Sunbelt blog.


Info: Interview with a Nigerian Scammer

Scam Detectives are blogging a series of interviews with a Nigerian ex-scammer. This is worthwhile reading for anyone who wants to be informed of the inner workings of the Nigerian scam scene.


News: Qchex shut down by FTC and US courts

Good news for a change: one of the major sources of fraudulent cheques (checks) in the USA has been shut down and ordered to hand over their revenues. Qchex offered a service whereby anyone could have cheques printed for any bank account, but the service made no attempt to verify that the person placing the order had any authority to do so. I hope this puts a significant dent in cheque fraud, but it's too much to hope that it will eliminate the problem completely.


Alert: Malware via MMS Spam

I don't usually report this kind of thing, but it's hot off the press and at least somewhat novel, so here it is. Some miscreant has just registered the domain name, and is spamming everyone with notifications that they have received an MMS from someone. This notification uses Verizon Wireless branding, but this is just a rip-off: Verizon is not involved in any way. Clicking on the link will prompt you to install a piece of software that is, of course, malware.

   Whois Server:
   Referral URL:
   Name Server: YNS1.YAHOO.COM
   Name Server: YNS2.YAHOO.COM
   Updated Date: 16-nov-2008
   Creation Date: 16-nov-2008
   Expiration Date: 16-nov-2009

If you have allowed this software to be installed on your computer, you should assume that your computer is badly compromised and disconnect it from the Internet until it can be repaired by an expert.


Phish of the Day: eNom

A correspondent forwarded me this phish which is unusual in that it has an unusual target: customers of the registrar eNom. These phishers are looking to hijack other people's domain names for nefarious purposes. Note that the links in the message below do NOT go to eNom. The phisher seems to have a pile of domains in the form "" which he is using to support these phishing sites. So far, I have found,,, and All were registered to someone using the email address at around  Mon Oct 27 00:45 GMT 2008. All use nameservers in the domain XWHLWWW.COM, which was created on 10-Oct-2008.

I recommend against clicking on any of the following links, since they go to a known hostile site at the time of posting.

---------- Forwarded message ----------

Dear user,

On Tue, 28 Oct 2008 XX:XX:XX -0500 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Tue, 28 Oct 2008 XX:XX:XX -0500 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.


If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260


Thank you,
Domain Services