
spam

The email below has come to our attention today. Using a landing page at mybluemix[dot]com and a (perhaps spoofed) address at the domain masew.ml, the scam has characteristics that instantly give it away to the alert but will trap the unwary.

Spoofing email addresses (that is, making it look like an e-mail comes from somewhere other than its actual sender) is a remarkably easy trick and it's heavily relied on by spammers. However, this particular spam goes further, aping the tactics used by those who send e-mails that appear to come from banks. Be warned...

Spammers and fraudsters love .com addresses but so does the rest of the world. For some time, there have been domain levels that spammers like because they can create names that look legitimate by using the name of a legitimate, reputable business; recipients often do not notice what's after the dot, or have faith that registrars are checking and only allocating obviously well-known names to their usual users. Recent additions to the "top level domain" system have opened up a new world of opportunity. Here are five TLDs that spammers are making use of and which businesses should consider banning from their incoming mail and, even, blocking server traffic to.

The old ways are the best, not least because there are always new users whose filters aren't ready for spam that hasn't been seen for a while.

This one's so old-fashioned, it's funny. Oh, and Google's failed to identify a landing page for spam and potentially illegal product sales. Artificial intelligence? Hah.


The return, with increasing frequency, of internet domain name fraud, is usually at least accompanied by a form of what the fraudster hopes is a sufficient disclaimer to prevent prosecution. The latest iteration omits even that and resorts to blatant threats. Also, it seems that the criminals have obtained access to the domain sevenresortsnet.com to send mail and to present a landing page for those who click to respond to the demand.


It's been a while since spammers hawked "meds" in spam. But recently, we got one. The amazing thing is that it's the same as they ever were.

Every dog has his day and, sometimes, every idiot gets his hands on a computer. Here's an example received at our registered office. Maybe it's not a scam, but for sure it's not accurately targeted commercial mail, either.


In the past day or so, a company called emailmovers limited using the domain xmr3.com have sent out a number of spam e-mails addressed to personal e-mail addresses at companies. They claim "Emailmovers is one of the UK's only B2B email data owners who provide Full Email Marketing services in house" which is, in itself, a nonsensical statement.

But it's their claim for how many people they feel it's OK to send unwanted commercial email to that is interesting. Just how did they get it and how do they think it's legal to use it? And is it a predicate crime for money laundering purposes if they have breached GDPR?

You should neither know nor care exactly what criminal activity lies behind the link in this e-mail. The fact that it's fraud from beginning to end should be enough.


Spammers have long been involved in directory fraud of one sort or another. Just as in the days of paper, letters are carefully phrased to make victims think they must make a payment. Then, hidden away at the bottom of the page is a note saying "this is not an invoice" and something along the lines of "you only have to pay if you want the service." These days, the spam-scammers also include something to tell you that they are complying with the USA's spam facilitation Act, mysteriously known as the Can Spam Act. And this one doesn't even tell victims what service they are supposedly subscribed to.


Fraud is cyclical. Historically, frauds would lie dormant for, perhaps, five years then come back. But the cycle has become much shorter, often only two or three months. Some frauds have become perpetual, aided by e-mail that hits so many prospective targets at such a low marginal cost. Others have a few days in the light before disappearing into relative darkness for a matter of weeks, perhaps because the targets are sorted, e.g. by alphabetical order, into batches. One such is fraud relating to domain names. These frauds take several forms but share the same basic structure. The fraudster hints that, if you don't pay up, your domain name will stop working. Here's the anatomy of one such fraudulent mail that has reached us multiple times in the past several days.


This morning's collection of spam raises several issues that should interest an extremely broad range of people across organisations.


Artificial Intelligence is the buzzword of the year, beating out even "blockchain" and "add oil." A company that claims to be at the front of the pack when it comes to AI is Google. But, as this case shows, it doesn't matter what your algorithms do if what they do isn't properly targeted and the correct action doesn't result. It also demonstrates why financial institutions should be very wary of relying on technology which is, at best, immature and, at worst, experimental.

In the meantime, Google and Microsoft, let's bypass the intermediary and you can just send us the "($1,000,000.00) One Million United States Dollars" today. Thank you.


It's a spam, it uses Standard Chartered as a hook to entice victims to be defrauded, and it's hilariously awful. Note phone number +447452282904 and email address lrbernal@easynet.es and that the reply is to privacy e-mail service ProtonMail at taxmattersjon@protonmail.ch. But the most interesting thing is this: the e-mail provider easynet.es correctly identified this as spam, even as "advance fee fraud (Nigerian 419)" - then allowed it to pass. Is the provider complicit if anyone becomes a victim?


The fraud is old hat. The bitcoin address is, presumably, valid and enforcement agencies may wish to track and attack it. And, of course, any financial institution which has records of it should identify it as a suspicious account.

1HQ7wGdA5G9qUtM8jyDt5obDv1x3vEvjCy

