Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2008-11-17

Alert: Malware via MMS Spam

I don't usually report this kind of thing, but it's hot off the press and at least somewhat novel, so here it is. Some miscreant has just registered the domain name mmswirelessweb.com, and is spamming everyone with notifications that they have received an MMS from someone. This notification uses Verizon Wireless branding, but this is just a rip-off: Verizon is not involved in any way. Clicking on the link will prompt you to install a piece of software that is, of course, malware.

   Domain Name: MMSWIRELESSWEB.COM
   Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
   Whois Server: whois.melbourneit.com
   Referral URL: http://www.melbourneit.com
   Name Server: YNS1.YAHOO.COM
   Name Server: YNS2.YAHOO.COM
   Updated Date: 16-nov-2008
   Creation Date: 16-nov-2008
   Expiration Date: 16-nov-2009

If you have allowed this software to be installed on your computer, you should assume that your computer is badly compromised and disconnect it from the Internet until it can be repaired by an expert.

2008-10-29

Phish of the Day: eNom

A correspondent forwarded me this phish, which is unusual in its target: customers of the registrar eNom. These phishers are looking to hijack other people's domain names for nefarious purposes. Note that the links in the message below do NOT go to eNom. The phisher seems to have a pile of domains in the form "comN2.biz" which he is using to support these phishing sites. So far, I have found com62.biz, com72.biz, com82.biz, and com92.biz. All were registered to someone using the email address alexeyvas@safe-mail.net at around Mon Oct 27 00:45 GMT 2008. All use nameservers in the domain XWHLWWW.COM, which was created on 10-Oct-2008.

I recommend against clicking on any of the following links, since they go to a known hostile site at the time of posting.

---------- Forwarded message ----------

Dear user,

On Tue, 28 Oct 2008 XX:XX:XX -0500 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

The contact information for the domain which displayed in the Whois database was indeed invalid. On Tue, 28 Oct 2008 XX:XX:XX -0500 we sent a notice to you at the admin/tech contact email address and the account email address informing you of invalid data in breach of the domain registration agreement and advising you to update the information or risk cancellation of the domain. The contact information was not updated within the specified period of time and we canceled the domain. The domain has subsequently been purchased by another party. You will need to contact them for any further inquiries regarding the domain.

PLEASE VERIFY YOUR CONTACT INFORMATION - http://www.enom.com

If you find any invalid contact information for this domain, please respond to this email with evidence of the specific contact information you have found to be invalid on the Whois record for the domain name. Examples would be a bounced email or returned postal mail. If you have a bounced email, please attach or forward with your reply or in the case of returned postal mail, scan the returned letter and attach to your email reply or please send it to:

Attn: Domain Services 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260


LINK TO CHANGE INFORMATION - http://www.enom.com


Thank you,
Domain Services

[IncidentID:XXXXX]

2008-08-14

Info: Freelance Home Writers

I've been asked a few times about whether "Freelance Home Writers" is a scam. My forte is outright fraud and crime rather than "dodgy business", so I'd first like to emphasise that this isn't (as far as I can tell) a front for organised crime.

Having said that, I still wouldn't trust them with a penny of my money. Why's that, you ask? Well, in addition to the informed opinion of an independent party, I note that "Freelance Home Writers" employs a tactic in common use by scammers who want to avoid the ill effects of a bad reputation: the progressive registration of multiple domain names. The image attached to this post is a snapshot of one of several identical "Freelance Home Writers" websites operating under different domain names that have been registered at different times. For example, "freelancehomewriters.com" was registered on 21-Feb-2007, whereas "freelance-home-writers.com" was registered on 29-Aug-2007, and "freelancehomewriters.biz" (which was misconfigured and causing a browser error when I tested it today) was registered on 29-Jan-2008. All of the above were registered using the "WhoisGuard" anonymisation service, so we have no idea who is actually behind this service, or where they are based. Would you trust an anonymous company with no address?

Bear in mind that these guys are selling a product, not offering jobs. They want you to pay to join. Are you going to trust them with your credit card details? Will you have any recourse if their "product" turns out to be worthless? Will you even be able to navigate away from their damn home page without being blocked by pop-up ads? Can you believe their claim on their FAQ page that they have "been online for nearly 6 years now" when the earliest domain name registration is dated 2007?

So, in answer to the question, "is Freelance Home Writers legit or a scam?" my answer is, "I really can't say, but there's plenty of evidence that they can't be trusted!" When you're handing over your credit card information to someone in exchange for a promise of goods or services, trustworthiness is what counts, isn't it? "Scam or legit" frames the question the wrong way: "trustworthy or not" is, I think, a better way to look at it. As far as I'm concerned, "Freelance Home Writers" operates in a manner that shouts, "I can't be trusted!"

2008-07-24

Advance Fee Fraud: Royale Financing Company

A correspondent tells me that he has applied for a loan through "Royale Financing Company" at www.royalefinancing.com. This is an advance fee fraud scam: they want you to send them fees up-front via Western Union before they will send you the loan. Sadly, the loan and the whole company are both a big lie: this is just a bunch of fraudsters conning people into sending them money. They will gladly take your money and keep it -- you'll never see a cent back.

Bear in mind that the name "Royale Financing Company" is made up. Scammers make up new names regularly because people like me report the old ones as scams. Don't judge the operation by its name: judge it by what they do. If they want you to send them money to apply for a loan, just assume they're scammers and steer clear of them.

Here are the current registration details for royalefinancing.com, for what they're worth.

   Domain Name: ROYALEFINANCING.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com
   Name Server: NS1.DOMAINCITYSERVERS.COM
   Name Server: NS2.DOMAINCITYSERVERS.COM
   Updated Date: 01-may-2008
   Creation Date: 01-may-2008
   Expiration Date: 01-may-2009
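Both registration records quoted on this page (mmswirelessweb.com and royalefinancing.com) show a domain created shortly before it was reported. The following is an added example, not code from the original blog, that parses those records and computes age and registration term as of each post's date; the 90-day threshold and the function names are assumptions made for illustration.

```python
from datetime import date

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

# The two thin WHOIS records quoted on this page, trimmed to a few fields.
MMS_WHOIS = """\
   Domain Name: MMSWIRELESSWEB.COM
   Name Server: YNS1.YAHOO.COM
   Name Server: YNS2.YAHOO.COM
   Updated Date: 16-nov-2008
   Creation Date: 16-nov-2008
   Expiration Date: 16-nov-2009
"""
ROYALE_WHOIS = """\
   Domain Name: ROYALEFINANCING.COM
   Name Server: NS1.DOMAINCITYSERVERS.COM
   Name Server: NS2.DOMAINCITYSERVERS.COM
   Updated Date: 01-may-2008
   Creation Date: 01-may-2008
   Expiration Date: 01-may-2009
"""

def parse_thin_whois(text):
    """Return {field: [values]}; repeated fields (Name Server) keep every value."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep and value.strip():
            record.setdefault(key.lower(), []).append(value.strip())
    return record

def whois_date(value):
    """Parse the dd-mon-yyyy form used above without relying on the locale."""
    day, mon, year = value.split("-")
    return date(int(year), MONTHS.index(mon.lower()) + 1, int(day))

def registration_signals(text, seen_on, young_days=90):
    """Summarise age and term; young_days is an assumed triage threshold."""
    rec = parse_thin_whois(text)
    created = whois_date(rec["creation date"][0])
    expires = whois_date(rec["expiration date"][0])
    age = (seen_on - created).days
    return {
        "domain": rec["domain name"][0].lower(),
        "age_days": age,
        "term_days": (expires - created).days,
        "never_updated": rec["updated date"] == rec["creation date"],
        "young": 0 <= age < young_days,
    }
```

With the post dates as observation dates, registration_signals(MMS_WHOIS, date(2008, 11, 17)) gives an age of 1 day and registration_signals(ROYALE_WHOIS, date(2008, 7, 24)) gives 84 days, each on a one-year term that was never updated.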

2008-01-11

Alert: Beware Barbara Moratek of the Ivete Foundation

Sunbelt Blog is reporting a strange synergy between what appears to be a Nigerian scam variant and malware pushers. They report that there is spam circulating which claims to be from one "Barbara Moratek" of the "Ivete Foundation". The spam itself is relatively innocuous -- it may be a lead-up to some kind of advance fee fraud or cheque forgery scam, but that's all. If you do a Google search for those names, however, you'll get a lot of hits on sites which contain malware in the form of fake audio/video codecs.

Is this conspiracy, or coincidence? It's hard to say, but it's a new development either way, so far as I'm aware.