Category: Spam

I suspect this is from the “Mr. Romy” from last week, but …

From: Mr Deva [mailto:redacted@gmail.com ]
Sent: Friday, 09 May 2008 12:30 PM
To: Hill, Dave
Subject: Come Back

Hi Sir,

Are You interested for play a supported actor in shahrukh movie.

Regards
Asst. Shahrukh khan
Deva

I’m thinking … not.

The Spam of the Day:

From: Mr. Romy [string of letters and numbers address]
Sent: Thursday, 07 May 2009 12:32 AM
To: Hill, Dave
Subject: come

Hi,

please give me info about your Bussiness

Regards
Romy

Um … no?

I mean, who would imitate the FBI’s official computer letterhead?

Federal Bureau of Investigation
J. Edgar Hoover Building
935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001  

Our Ref: FBI-75BFWDUS09  

Attention Fund Beneficiary, 

         Payment Release Instruction From The Federal Bureau Of Investigation 

Acting on the Intelligence report we received from the IMF, UNO, World Bank Group and the European Union Commission Committees on Financial Matters through our International Monetary Watchdog, this is to officially notify you that we have placed a suspension order on the remittance coming into your bank account due to several complaints received from the International Monetary Funds External Auditors Committee, World Bank, United Nations Organization and the Federal Reserve Bank of America respectively via International Payment Voucher Number: IMF/FRBWDC/BOA-93WB82UN567-G about the inability of fund beneficiaries to receive what is rightfully theirs as at when due. Consequently, we have directed the ASSURANCE BANK USA N.A., a subsidiary of the Federal Reserve Banking System to disburse your due wining/inheritance and contract payment valued at Seven Million Three Hundred Thousand United States Dollars (US$7.3M) in your favor via their branch in New ! ! York by! Key Tested Swift Transfer  

In consideration of the above, you have been issued with this Exclusive Reference Identification Number (IMF/FBI-WDC/9USXX10751/09), Vide Transaction No.: WHA/EUR/202 and Transfer Allocation No.: FBI/X44/701LN/ABUS/US, Password: 339331, Pin Code: 78569, Certificate of Merit No: 104, Release Code No: 0876; Immediate Assurance Bank Telex Confirmation No: -222568; Secret Code: XXTN014. Having received these vital payment numbers, you are instantly qualified to receive and confirm your payment within the next 48hrs. as necessary clearance has been granted to the paying bank by the relevant offices/agencies to release the funds to you with immediate effect. 

In view of this directive received from the various agencies, we have on our own part verified your payment file as directed to us, and your name is next on the list of outstanding fund beneficiaries to receive their payment at this first quarter of the year 2009. With that being done, you are required to urgently contact the ASSURANCE BANK USA N.A. in New York through the Funds Release Supervisor:  

Contact Person: Sir. Clarence Dexter Jr.
(Funds Release Supervisor)
Email: cladex@gmail.com
Direct Office Line: 914 373 6375
Fax Number: 206 426 3179 

And reconfirm your international payment voucher number and your reference identification number respectively before that office with a view to the final remittance approval by the Economic Stability and Recovery Committee for subsequent crediting of your bank account to the tune of funds as stated herein. 

We wish to inform you of the need for you to also re-confirm your full personal, contact and banking details before the ASSURANCE BANK USA N.A. in New York to enable the officer in-charge to proceed with the preliminary arrangements that will enhance the immediate release of your funds. The details are as follows:  

1) Your Full name;
3) Your contact telephone and fax number;
4) Your Age and Profession;
5) Copy of any valid form of your Identification;
6) Your Bank name;
7) Your Bank Address;
8) Account name and Number;
9) ABA/Routing Number;
10) Swift or Sort Code/IBAN; 

Owing to security reasons, be clearly informed that we will not respond to any phone calls/general inquiries placed to our agency with regards to the remittance of your funds by beneficiaries as we are barred from doing so, you are therefore advised to communicate only with the accredited officer for further remittance advice. The FBI Criminal Justice Information Services (CJIS) Division processes these requests to check illegal activities in the United States of America. 

Thank you for your time and anticipated co-operation. 

TREAT AS URGENT. 

Robert Mueller, III
FBI Director. 

Although I am kind of intrigued  by what happened to missing item #2 …

Sometimes I don’t think these guys are even bothering to try very hard.

From: Upgrade Srevice Team (iinfo@update.com)
To: account_up_grade@[domain I’ve never heard of]
Subject: GOOD DAY 

Dear Webmail account User,

This message is from Webmail account update Service team
messaging center to all subscribers/webmail users. We are currently
upgrading our data base and e-mail center due to an unusual activities
identified in our email system. We are deleting all unused Webmail
Accounts. to create space for new ones.

You are required to verify your webmail account by
confirming your Webmail identity. This will prevent your Webmail
account from been closed during this exercise.In order to confirm
your Web-Mail identity, you are to provide the following data;

First Name:
Last Name:
Username/ID:
Password:
Date of Birth:

*Important*
Please provide all these information completely and correctly
otherwise due to security reasons we may have to close your account
temporarily.We have been sending this notice to all our email account
owners and this is the last notice/verification exercise.

webmail service Maintenance team.

Not the best phishing attempt out there. But keep trying, guys!

I got an email from the “Tobacco News Center”! And, guess what! It was “**Winning Notification**”!

What could I have won? I must open it!

Whee! 

Your email ID has been awarded 1,000,000,00 GBP in our recent tobacco promo,Contact this office via:

Name:………………..
Country:……………..
Sex:…………………
Age: …………………
Address:……………….

Wowee! That’s a lot of money! I’ve just quit my job right now, so I can devote myself to planning my new lifestyle, starting with getting in contact with the “Tobacco News Center” to collect my cool …

… hey, waitasecond! Those zeroes are grouped funny! Is that a hundred million GBP … or a billiion GBP … or maybe a milliard GBP! Or, maybe … just maybe … it’s a fake! 

Yikes! How do I recall an email?!

Well, the verbiage is more believable, but they haven’t quite figured out how to make a really decent spoof of a web address:

Due to recent account takeovers and unauthorized listings, Capital One is requesting a new account verification procedure. From time to time, randomly selected accounts are placed under an advanced updating process based on merchant accounts / bank relations and on-file credit cards.

We would like to inform you that your Capital One account is currently locked. To unlock your account, you need to confirm your information on file with us by going to:
http://h-74-2-228-70.[covad address redacted]/www.capitalone-online.net/c1/ssh/
Capital One may also request scanned/faxed copies of your photo ID.

To speed up the verification process, please update your information within the next 24 hours.

We apologize for any inconvenience this may have caused.

Thank you for using Capital One.

It bears repeating to anyone who gets something like this, even if it looks legit:

1. Never click through.
2. Go to the company main web page (do it by name, don’t do it from any address on the email), then go to your account information from there.
3. Or call the customer service number on the back of the credit card or bank statement.

Wow! Ninety dollars, and all I have to do is execute a script on your web page? Awesome!

Dear Customer,

You’ve been selected to take part in our quick and easy 9 questions survey
In return we will credit $90.00 to your account – Just for your time!

Please spare two minutes of your time and take part in our online survey
so we can improve our services.
Don’t miss this chance to change something.

Aside from dearth of logo and a few awkward bits in grammar, this is done pretty well. Some folks might get confused.

To access the form  please copy/paste the link below in your browser (or click the link):

http://www.[redacted].co.kr:8080/CUNA/online.survey/survey.php

So … why are you having me link to a Korean web site — and run a survey script link? To be fair, most phishing sites will have an HTML link so you don’t see the home site unless you hover over it. But that just means these guys are incompetent, not honest.

The Credit Union National Association (CUNA) is the premier national trade association serving credit unions. Ninety percent of America’s credit unions are affiliated with CUNA.

© Copyright © 2008 – Credit Union National Association, Inc.

Notice that they don’t say (even with two copyright symbols) that they actually are the CUNA.  Not that I’d believe them if they did.

Note:
* If you received this message in your SPAM/BULK folder, that is because  of the restrictions implemented by your ISP
* For security reasons, we will record your ip address, the date and time.
* Deliberate wrong imputs are criminally pursued and indicted.

I’m amused at all the security notices at the bottom of this.

Survey ID :

[Long string of letters redacted]

Wow, that sure looks official, all right! Sign me up!

Well, if it’s from the government of Nigeria, not some unknown widow, charity, or lawyer, it must be true!

  OFFICE OF THE SENATE HOUSE
FEDERAL REPUBLIC OF NIGERIA
 COMMITTEE ON FOREIGN PAYMENT
 (RESOLUTIONPANEL ON CONTRACT PAYMENT)
IKOYI-LAGOS NIGERIA
Our Ref: [redacted]
Your Ref [redacted]­.

BENEFICARY, THIS IS TO OFFICIALLY INFORM YOU THAT WE HAVE VERIFIED YOUR CONTRACT/INHERITANCE FILE AND FOUND OUT THAT WHY YOU HAVE NOT RECEIVED YOUR PAYMENT IS BECAUSE YOU HAVE NOT FULFILLED THE OBLIGATIONS GIVEN TO YOU IN RESPECT OF YOUR CONTRACT/INHERITANCE PAYMENT.

SECONDLY WE HAVE BEEN INFORMED THAT YOU ARE STILL DEALING WITH THE NONE OFFICIALS IN THE BANK YOUR ENTIRE ATTEMPT TO SECURE THE RELEASE OF THE FUND TO YOU. WE WISH TO ADVISE YOU THAT SUCH AN ILLEGAL ACT LIKE THESE HAVE TO STOP IF YOU WISH TO RECEIVE YOUR PAYMENT SINCE WE HAVE DECIDED TO BRING A SOLUTION TO YOUR PROBLEM. RIGHT NOW WE HAVE ARRANGED YOUR PAYMENT THROUGH OUR SWIFT CARD PAYMENT CENTER ASIA PACIFIC THAT IS THE LATEST INSTRUCTION FROM MR. PRESIDENT, UMARU MUSA  YAR’ADUA (GCFR) FEDERAL REPUBLIC OF NIGERIA. AND FBI.THIS CARD CENTER WILL SEND YOU AN ATM VISA CARD WHICH YOU WILL USE TO WITHDRAW YOUR MONEY IN ANY ATM MACHINE IN ANY PART OF THE WORLD, BUT THE MAXIMUM IS TWENTY  FIVE THOUSAND DOLLARS PER DAY, SO IF YOU LIKE TO RECEIVE YOUR FUND THIS WAY PLEASE LET US KNOW BY CONTACTING THE CARD PAYMENT CENTER  Mary  william ON HIS EMAIL ADDRESS: [redacted] Direct Tel:  [redacted]:

AND ALSO SEND THE FOLLOWING INFORMATION:

1. YOUR FULL NAME

2. PHONE AND FAX NUMBER

3. ADDRESS WERE YOU WANT THEM TO SEND THE ATM VISA CARD

4. YOUR AGE , CURRENT OCCUPATION AND POSITION  THE ATM VISA CARD PAYMENT CENTER HAS BEEN MANDATED TO ISSUE OUT USD4.2MILLION AS PART PAYMENT FOR THIS FISCAL YEAR 2008. ALSO FOR YOUR INFORMATION, YOU HAVE TO STOP ANY FURTHER COMMUNICATION WITH ANY OTHER PERSON(S) OR OFFICE(S) TO AVOID ANY HITCHES IN RECEIVING YOUR PAYMENT. FOR ORAL DISCUSSION, EMAIL ME BACK AS SOON AS YOU RECEIVE THIS IMPORTANT MESSAGE FOR FURTHER DIRECTION AND ALSO UPDATE ME ON ANY DEVELOPMENT FROM THE ABOVE-MENTIONED OFFICE.

NOTE THAT BECAUSE OF IMPOSTORS, WE HEREBY ISSUED YOU OUR CODE OF CONDUCT, WHICH IS (ATM VISA CARD-[redacted 3-digit code]) SO YOU HAVE TO INDICATE THIS CODE WHEN CONTACTING THE CARD CENTER BY USING IT AS YOUR SUBJECT. Best Regards

 David Mark

 SENATE PRESIDENT

My only confusion is why it’s signed by David Mark, but the Rocketmail account it comes from has a different name. It is a puzzlement.

I have to admire this particular bit of spam for its ingenuity in getting folks to open it, then read it:

Subject: Nadal disqualified from Wimbledon win

Body: Hillary Clinton announces divorce from Bill Clinton, citing irreconcilable differences

Followed by a link that no doubt does Terrible Things if you click on it.

Now, aside from the gaffe that the subject line doesn’t go with the body text, this is downright ingenious. Folks have gotten suspicious of offers of free money and pharmaceutical improvements to their organs, but offer up some juicy sports news and/or political gossip, and people are so there.

It’s evil, in an almost admirable way.