Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.


News: Convicted spammer's appeal dismissed

The USA has Jeremy Jaynes, and the UK has Peter Francis-Macrae. What do these guys have in common? They are both spammers who have been found guilty of spamming and various other nefarious deeds. In the case of Francis-Macrae, he's just had his appeal dismissed (reported by the BBC and The Register).

Judging by his misdeeds, Francis-Macrae is a right nasty little brat, not only engaging in email harassment, but also in threatening actual physical harm to just about anyone who ever told him off about it. At his conviction, the judge described him as, "one of the most vindictive young men [he'd] ever seen".

Enjoy your porridge, Peter. All of it.


Hijack Alert: Commonwealth Bank Group offers 11% p.a. on Term Deposits for Current Customers!

Here's a twist: a "Web Attacker" browser hijack which targets customers of a specific bank. After all, why phish when you can just install a keylogger? Or better yet, install an agent which performs additional transactions while the user is online. Whatever the case, this particular hijack uses a more up-to-date version of Web Attacker than I've seen before (ie0609.cgi). The text of the email lure follows; investigate the links at your own risk. Note that there are two similar domain names in use here (.org and .com).

It seems Commonwealth Bank is doing really well this year, and here we go: 
the highest deposit rate ever seen in Australia. Just quoting the news I 
found at Wealth Creator Magazine.s website:  
If you want competitive returns and you don.t need instant access to your 
cash, you can get a competitive 8.95% p.a. on Term Deposits 
at the Commonwealth Bank for amounts from $3,000 for 12 months, and 10.95% 
for amounts of $5,000 and over.   

We are proud to have you as a member of our bank and would love to offer this 
time-limited Commonwealth Bank.s anniversary rate!
Isn.t amazing? But they limit the offer to the current customers, that's the 
one sad point. If you are one of them I feel jealous for you.  
Again all the details are on the magazine.s portal, the direct link 
to this news:


Hijack Alert: To you there has come a card from

This is another "Web Attacker" lure. I don't know for sure if it contains the latest and greatest "VML" vulnerability for Internet Explorer (for which there is as yet no patch), but it doesn't seem to. I don't have a sacrificial Windows system on which to test it, sadly. Anyhow, if you got an email like this and clicked the link, you'd better assume the worst: that some nefarious person now has complete remote control of your computer, and can monitor all that you do on it.

Happy birthday, dear [name]!

20/09/2006 14:23
You have got a postcard with congratulations from the company
You can pick it up at http://[domain]/postcard45683.html

URLs I've seen associated with this hijack:


Hijack Alert: Email Confirmation for [name]

These hijack alerts are starting to become as mainstream as the job scams, and I'll probably give up on reporting them in detail soon. In fact, I don't intend to report this one in detail. It's just another email designed to make the recipient go "OMG!! WTF??" and click on the link. At the other end of the link (after your browser silently navigates through a twisty little maze of HTTP redirects and other obfuscation) is the infamous Web Attacker software, which attempts to compromise your computer through various known browser bugs.

The best way to be safe from this attack at the moment is still, "don't use Microsoft Windows -- at least, not for anything Internet related." Seriously, that's the best advice I can offer, unhelpful as it is. Second best is, "use a browser other than Internet Explorer, and don't ever ever click on links in spam, no matter what." The text of today's angst-inducing lie follows for the benefit of those wise enough to search: square brackets indicate redacted text; visit the URLs at your own peril. Note that in this particular case I received a bounce message, meaning that the spammer in question sent this spam using one of my addresses as the "from" address. There's not a lot you can do to prevent this, so why worry about it?

Date: Tue, 12 Sep 2006 16:59:08 +0200
Subject: Email Confirmation for [name]
Dear [name].

   Thank you for your subscription to

   You have been billed as KRBILL LLC for the amount of:
   3.95(USD) for 3 days (trial) then 34.95(USD) recurring every 30 days .

   Your new subscription identification number is:573716,

       Your membership access information is:
       Username for your subscription: Skilores
       Password for your subscription: FGyju75u
       E-mail: [name]@[domain]

  Membership website:

Thank you for choosing KRBill as the eMerchant for your subscription!
Customer Support/Cancel Your Subscription 12/09/2006 16:59


Info: A New Twist on the Lottery Scam?

Lottery scams have been around for quite a while, and are so common that I have a blog dedicated to them. The most suspicious thing about lottery scams is that you win a lottery you never entered. The sender usually spins some bull story about how it's your email address that's won, and the sponsor is some benevolent set of corporations that want to promote Internet use. If you believe that sort of thing, you're just plain credulous, I'm sorry to say.

A new variation on the scam which sounds a little more credible has just come to my attention. Rather than tell you you've won a lottery you never entered, they give you a free opportunity to enter a sweepstakes. If you're as cynical as I am, you can guess what happens next: you win the lottery, and it's the same old scam all over again. This is pretty smart from the scammer's perspective. Not only is the whole cover story more credible, but the people who reply and enter the lottery have immediately identified themselves as easy marks.

I won't post a sample in full, since there is too much tracking data in the URLs. Thanks goes to JR for submitting it.

From: "Eligibility Notification " <>
Date: 31 Aug 2006 15:51:43 -0400
Subject: , You Have Been Selected to Win a Million Dollars


To Whom It May Concern,

You're one of the authorized individuals who has a chance to WIN $1,000,000!

You've been selected as a candidate to receive this e-mail announcement.
Not everyone has been sent this private message.
To enter our WinAMillion Sweepstakes simply visit the link below.