22 August 2002
Spammer, email thyself

Today's spam originated in Australia, where evidently they cut the crap and get to the point:

"You get emails every day, offering to show you how to make money. Most of these emails are from people who are NOT making any money.

"And they expect you to listen to them?"

Of course, I'm expected to listen to this.

Permalink to this item (posted at 5:45 AM)
8 September 2002
Fried spam

The email began, like so many others, with this:


By the time I get through with it, the sender will wish I had deleted it.

Permalink to this item (posted at 1:13 PM)
6 October 2002
Pop go the weasels

When two different Web sites give you the same bogus YOU ARE THE 10,000,000TH VISITOR TO THIS WEBSITE popup, the most generous interpretation possible is that someone can't count worth squat. Zeldman has had over ten million, and probably so has Glenn Reynolds, but neither of them have indicated that they feel compelled to sell me crap.

Being the diligent soul I am, I followed up this link, which goes to something called qualypromos.com (cripes, even Streisand can spell better than that), a front for some Florida vacation spot. The domain is registered to one David Randall; I mention this in case I see some of his handiwork again, in which case I hope to be alert enough to offer a cross-reference.

In the meantime, I'm about two months away from my 200,000th visitor. Legitimately, yet.

Permalink to this item (posted at 7:29 PM)
26 October 2002
The free-market approach?

Today's spam has just the right amount of shamelessness. It emanates from, misidentified (of course) as hotbot.com, and which is duly enshrined at SpamCop.

And the text? Get this:

Don't even think about paying for porn on the net! What's the matter with you? Why are all you new surfers on the net running around with your credit cards and paying for porn?

Don't you see that by paying for porn it ruins it for all of us who get it for free?

Normally, this sort of thing sets off my TANSTAAFL alert, but since I don't frequent porn sites I once had one of those one-year pass things, which I used two or three times to peer at some grainy Victorian erotica or some such stuff, but I let it expire, and anyway this wasn't sent to the email address I used I consider it more of a mere curiosity. Not enough of a curiosity to induce me to click on the proffered link, though, which apparently leads back to a site hosted at DialNil.com, a Minnesota Web host which may not know that it's leasing space to someone who's, um, giving it away.

Permalink to this item (posted at 10:43 PM)
28 October 2002

Occasionally I have posted spam I've received, sometimes here in the log, sometimes in The Vent. I get a lot of it, but probably no more than most people, and certainly less than, say, .

As Dave Barry might say, I am not making this up.

Permalink to this item (posted at 8:37 PM)
9 November 2002
Baked beans are off

Today's spam, claimed to be from the dubious address <zondervan2227e82@yahoo.com>, is fairly standard pornucopia effluent, with invitations and links to <3xgirl.com>, <sinfulmpegs.com> and <glamoursluts.com>, all of which are herded together along with God knows what else under the general heading of <servergod.com>, operated by one Robert Sudduth in Plattsmouth, Nebraska, a regular visitor to the database at SpamCop.

Most perturbing, perhaps, is that "zondervan" in the bogus email address. The real Zondervan is a legitimate publisher of, among other things, Bibles; I guess Sudduth figures nobody will set a spam filter for the word.

Permalink to this item (posted at 7:20 PM)
7 December 2002
Fresh spammage

Today's spam is claimed to come from one Jennifer Hawkings, at the dubious address of <sandrasaga@mail.com>. The ostensible Ms. Hawkings says:

Browsing through the CNN website I came across this CNN article which seems to be about you:


Believe me, there isn't a chance in hell that anything ever covered by CNN has the slightest thing to do with me; I am completely unknown even at home. And, of course, the trick is in the proffered URL: anything before that @ is parsed as a password/user-ID combination (for use, for instance, with Web-based FTP), and the browser actually travels to liquidshirts.com, a domain belonging to Carlberg Grafix, Inc. of Springfield, Illinois, an institution which is not known to be a provider of information to CNN, but which is known to be a provider of printed novelty items such as T-shirts and, um, toilet paper.

At least it's not a porn operation. And "Jennifer", dear, while I appreciate the clever touch of designating Sun's iPlanet Messenger Express, a Web-based product, as the mailer, you really didn't have to go to the trouble of routing this little bit of spam through Russia, the Netherlands and Japan.

Then again, given the general resentment of spam by US-based ISPs, maybe you did.

Permalink to this item (posted at 3:12 PM)
18 December 2002
Somewhere a mixed marriage

The latest trend in spam, it seems, is to insert a name in the FROM: field that looks almost believable, with the hope that the recipient, seeing that it's not from farginggibberish@fakeisp.com, might actually look at it before hitting Delete.

I said "almost". Today in my Hotmail box, which I use mostly for spam collection, was the usual item about how to leverage Euro currency (which is probably no more believable than that "World Currency Cartel" stuff), ostensibly from a fellow named, um, Mohammad Schlottman.

Methinks their name-generating algorithm needs a little tweaking.

Permalink to this item (posted at 3:04 PM)
5 March 2003
The return of Jennifer Hawkings

When last we heard from the pseudonymous Ms Hawkings, she was trying to promote a Web site that sold T-shirts by persuading the unwary that somehow they'd been mentioned by CNN. I disposed of that notion quickly enough, but she's had almost three months to recuperate, and now she's back with a new, um, deal.

This time at <jhawkings@martsgroup.com>, which seems to be based in Moscow, she's pitching a list. And not just any list, either:

Our company possesses several business email lists which allow to contact commercial websites and companies offering their products and services on the Internet. These B2B email lists could be a perfect source for gaining many new clients for your company. Please take a moment to review the lists we have. The segregation is performed by the source where the websites/companies are listed:

1. 258,000 Companies from Yahoo's business directory:

2. 208,000 Companies from Google's business directory:

I don't do B2B, being neither B nor B, but regardless, I fail to see the value of this service; I can click on those links just as easily as "Jennifer Hawkings" can.

And in fact, I tend to think that this is not the same person as before; this seems like part of an effort to create a fictional spokesperson for spamdom, the email equivalent of Betty Crocker or Aunt Jemima or Alfred E. Neuman. And hey, who knows? Maybe someday, instead of being spammed, you'll be jennifered. Who excepting perhaps Simon Lamont could possibly object?

Permalink to this item (posted at 5:49 AM)
24 March 2003
Block that spam!

Phil Goldman says you get too much spam, which is almost certainly true, and he's going to do something about it, for a small fee.

Goldman's new Mailblocks service incorporates a so-called "Challenge/Response" mode. If you're sending mail to a Mailblocks user and you're not in that user's address book, the mail is not delivered until (1) you receive an auto-generated message from Mailblocks and (2) you reply with the authentication code included in that message. Spammers, of course, don't reply, since they sent out a bogus reply address to begin with and therefore will not receive the authentication code. Once in your recipient's address book, you can send mail with no interruptions.

Mailblocks also permits aliases which will allow computer-generated mail that is wanted mailing lists, newsletters, e-commerce confirmations and the like to pass through without challenge.

Undelivered mail is held in "quarantine" for two weeks and then automatically deleted; the recipient can inspect it at any time. Mailblocks supports both POP3 and IMAP, regular email clients or Web-based mail.

This service has only been up and running for a few hours, so I can't tell you how well it works. But for a mere ten bucks a year (twenty-five bucks for four times the storage space), it may be hard to resist.

Permalink to this item (posted at 9:13 AM)
10 April 2003
Thoroughly hosed

Spammers are nothing if not indiscriminate; the turgid spew that constitutes the average penis-enlargement ad is bestowed more or less equally upon those who own a version of the organ in question and upon those who do not. This could perhaps be explained away as nondiscriminatory we are all wangs, says Frank J. but it strikes me as somewhat profligate: half of this advertising, in true John Wanamaker style, is wasted.

The latest of these annoyances popped into my mailbox with the usual pitch, an origin somewhere in Brazil (and a bogus "remove" address that appeared to be German), and the tag: "Bigger than Shaq's!" Now I know the NBA is overrun with bombast and boastfulness, but I don't recall ever seeing a reference to the dimensions of Li'l Shaquille. Is this something of renown that I've missed, or should I start pestering Snopes about it?

Permalink to this item (posted at 7:00 PM)
23 April 2003
Getting a handle on spam

The new Oklahoma anti-spam law, signed yesterday by Governor Henry, strikes me as relatively toothless. It does prohibit spoofing email or Web addresses, and it does require ads to state that they are ads in the subject lines porn ads must contain the string ADV-ADULT but until there are provisions to hunt down spammers and disembowel them on streaming video, there will be little or no effect on the state's email users.

Permalink to this item (posted at 8:05 AM)
26 April 2003
Next: Armed Robbers Support Group

An operation called EMarketersAmerica.org (dot org?) is suing antispam groups, charging that they harass legitimate businesses.

Max Power reports that he went looking for a copy of the complaint at the group's Web site, but "it's been shut down for spam violations."

Imagine that.

Permalink to this item (posted at 11:25 AM)
2 May 2003
Blade running

As of last night (two deleted, one added), I have twenty-three spam filters working on my incoming mail; their success ratio is somewhere between not much and zilch, but any spam I don't have to look at counts as a very minor moral victory.

The email provider for this domain recently installed a server-level despamming system called Vipul's Razor, which is supposed to catch the varmints before they reach my POP3 box. I set it up last night for my primary mailbox, and it caught fifteen of twenty-seven before I was able to provide it any feedback. Not too bad. Better, there were no false positives: nothing I actually wanted was misidentified as spam.

I'll leave this in place for a while and see if it's sufficient, or if I need to go to a more activist, locally-based system like MailFrontier's Matador.

Permalink to this item (posted at 6:57 AM)
15 May 2003
Attempted thievery

So why would eBay, which knows me perfectly well, from my user ID to my 123 positive feedback points not too shabby for someone who's never sold anything need to know my password?

Which is by way of introducing you to today's spam, which was a lame attempt to steal said password, titled "Security Check." (yes, with the period), and swiping eBay graphics in an attempt to look legit. Had I filled in the blanks as requested, this information would have been posted to a page at a domain called memenutza.com, ostensibly owned by one Michael Rafter of Denver.

I have, of course, notified eBay; I'm passing this on to the rest of you in case the culprit has a fistful of blogger names.

Permalink to this item (posted at 5:38 PM)
23 May 2003
California vs. spam

The antispam bill passed by the California Senate yesterday allows recipients to sue spammers for $500 per incident.

Like anyone is going to collect anything from the likes of cqpmi838@atrxpwqph.cxm, an address pulled at random from my dizzying array of Hotmail spam.

Permalink to this item (posted at 7:14 AM)
25 May 2003
Attempted thievery, Part Deux

I reported earlier this month about a lame email attempt to steal my eBay user ID and password. Now comes word from The Register that a similar scam has arisen with the intent of swiping personal information from users of eBay subsidiary PayPal. The email apparently originated in Lithuania.

I caught one minor glitch with The Register's report: they state that "one fake PayPal message spotted in the wild last month misspelled the word 'address' and included a disclaimer from the credit card company Providian, which has no link to PayPal or eBay." Actually, Providian is the issuer of a PayPal-branded Visa card, promoted heavily at the PayPal site; I cut up one of them this very afternoon.

Permalink to this item (posted at 9:42 PM)
29 May 2003
Tomb, vacant, nothing down

Marc at Quit That! is getting spam from Christ, or at least that's what the FROM: field says. The usual "get hundreds of lenders to compete for your mortgage loan" stuff.

Now if he gets one of those damnable penis-enlargement ads from this same source around the Feast of the Circumcision, then I'm going to worry.

Permalink to this item (posted at 7:30 PM)
8 June 2003
Nailing spammers

Eric Scheie at Classical Values proposes this modest solution to the problem of email spam:

Spammers could simply be crucified along the highways, just the way the Romans did it. As in the good old days of public crucifixions along the Via Appia, here the modern Al Gore Information Superhighway could be seamlessly linked to live crucifixions via strategic web cams, viewable at anti-spam websites, where we could watch the spammers die (and other spammers could witness the fates of their comrades). What a deterrent!

A real "Pilate Program!"

Needless to say, no libertarian would seriously propose that the government get involved in such cruel punishments (which obviously violate the Eighth Amendment of the Constitution), and I am not doing that. Let's keep it in the private sector where it belongs. Spammers flooded the world with shoddy advertisements during their lives, and it is only fair that their deaths be advertising spectacles the tackier the better! "Your corporate message and logo HERE! on THIS CROSS!" (Buy as many crosses as you can afford!) "Another spammer nailed courtesy of SnuffNet.com!" Securely fastened with "Palm Pilate" brand "finishing nails" as seen on the Internet!

Serves 'em right for promising to grow all that wood for us.

(Muchas gracias: Craig Ceely.)

Permalink to this item (posted at 3:31 PM)
17 June 2003
They never give up

One part scam, one part spam how can I resist mentioning it here?

Dear Customer,

Fleet Bank team is happy to introduce a new level of security. Follow the link to
the information update and login page:

Kind regards, Fleet Bank team.

Just incidentally, fleet-security.com has nothing to do with Fleet Bank or any Fleet Boston Financial operation: it's owned by Michigander Kelley Shlentz and exists, so far as I can tell, specifically to steal personal information. (I say "so far as I can tell" because I couldn't reach the site this morning: perhaps someone else has already lowered the boom upon this schmuck.) It's people like that who make the death penalty understandable.

Permalink to this item (posted at 7:24 AM)
2 August 2003
A thesaurus of spam

My POP3 mail client (yes, the dreaded Outlook Express) is set to render all HTML mail as plain text, mainly because, well, I hate HTML mail; if you've got something to say to me, you don't need to tart it up with background graphics and font combinations worthy of a ransom note. What's more, those cute little Web bugs that often come with it, externally-loaded graphics that, by mere dint of having been loaded, verify one's email address for the sake of spammers, get swatted at the very lowest level.

Sometimes, once the formatting is swept away, what's left is almost amusing. The following blank verse is the plain text that remained from an HTML-based spam sent to this address from, a verified spam source:

maturing explodes tenfold ex pong tending accumulator temporal tardy ideologically polopony mill hopscotch bart bechtel evermore sardine sands poem sciences tactics accruing sanest temperamental tempters crawls acquits bp bessemer courteously $RANDOMIZE sculptures aaron bounced hydraulic tempera expenditures abe medals mileage secede bluegrass creedal excitingly tautness tangential aerobacter memory algerian covenants admitting exclude matriarch hourglass exciting crested thatches pose teetotal housebreak exits $RANDOMIZE evenly bessemer courageous alfred hyperboloidal algiers adrenal babylonian horribleness hothouse megohm scribbles telephoning poignant hubbub bores ben tended breadboard plume plop

talents counter adjective immediate corrode boarder mechanize please cortical accusatory portage eukaryote maverick bombard scarce evince scraggly bluet polishing adsorbed bernadine tautological tact talkativeness bondholder mattock creases expounded evicting pouted $RANDOMIZE tastelessly tantalizingly boomerang creekside playgrounds exclaims migrates exercisers ainu tearful blur evidences pleasures practiced berwick plunderer boors evocation housing pol imaginings couches seaside bart achromatic mazes plumbed adjured savvy breakfasted $RANDOMIZE bluff creativeness terminally blurred hourly booty theatricals arab bottomed temporal tat illinois possibilities screams county scribbles boilerplate meadowsweet technologies imitates metaphysical

In the HTML version, you'd see none of these words; they appear in white on a white background, and what you get on top of them is a referral to www.365pharm1.com, a distributor of a Viagra knockoff, whose domain registration traces back to China.

And really, if those hourly booty theatricals were truly arab bottomed, it's no wonder they were terminally blurred.

Permalink to this item (posted at 8:21 AM)
5 November 2003
No word yet from Mike Hunt

Most of the spam that gets past my filters has for a sender's name either a meaningless jumble of crapola, which is immediately deleted, or a randomly-chosen real-sounding name, which is immediately deleted once I recognize it as being no one I know.

One of the dunderheads trying to sell me Microsoft OEM software of dubious provenance signed himself as "Spoilage G. Prone," which strikes me as a decent pseudonym for some future blogger (cf. Mindles H. Dreck). I figure sooner or later they'll hit on the name used by the British satire magazine Private Eye back in the Sixties for a Fleet Street malingerer of the Jayson Blair stripe (and by me, briefly, as a BBS nom de modem): Lunchtime O'Booze.

And then, of course, I'll have to read the damn thing.

Permalink to this item (posted at 5:30 PM)
21 November 2003
Schadenfreudian slip

Today's spam comes from one "Oncoming S. Irony", undoubtedly a kindred spirit to Spoilage G. Prone, from whom I heard earlier this month. Mr Irony, who gives the possibly-bogus address <lemberg@guadalupano.com> an http request redirects to something called Webmasters.com, which looks like a fairly ordinary Web host, and Whois reports the very Spanish-sounding domain name belongs to something called "Latin American Telecom Inc.", with a Pittsburgh address and a Mexican phone number has adopted the very trendy scheme of concealing a bunch of text that doesn't display, in the hopes of sneaking past Bayesian filters, while rendering the text you're supposed to read in a tedious one-character-at-a-time mode that doesn't get killed by your existing Instant Discard test.

Still, the miracle of non-HTML email (the only way email should be sent, now and forever) enables one to decipher the following from Mr Irony's spam:

The Defense Technical Information Center (DTIC®) is the central facility for the collection and dissemination of scientific and technical information for the Department of Defense (DoD). Much of this information is made available by DTIC in the form of technical reports about completed research, and research summaries of ongoing research.


Now that's irony.

Permalink to this item (posted at 7:42 PM)
23 November 2003
Public enema number one

This particular anal drip is named Alan Ralsky, and he is now believed to be the World's Leading Spammer.

If they ever bust this guy, I hope he gets pantsed on television, if only to see if he's used any of that penis-enlargement crap.

Permalink to this item (posted at 9:12 AM)
9 December 2003
Striking back

Robert Braver in Norman has been fighting unsolicited crapola for a long time. On his Web site, in fact, he characterizes telemarketers and senders of junk fax as "a form of organized crime," and he's happy to take on this mob in the courts.

So it's no surprise to see Braver suing spammers (NewsOK.com registration required: email cgh at windowphobe.com, pw carlotta) under the Oklahoma law which went into effect last month. The statute outlaws fake routing information or bogus email addresses, and specifies a format for unsolicited email which must be followed explicitly. Said Braver:

Americans and American businesses are fed up with the greedy sociopaths and criminals who are destroying e-mail as a viable communications medium.

Personally, I'd rather see them crucified, but whatever works, right?

Permalink to this item (posted at 7:44 AM)
26 December 2003
Inexplicable laxity

I haven't badmouthed any spammers lately, for which I apologize.

In the meantime, feel free to mock Charles Gibson, PO Box 19180, Denver, Colorado 80219, who operates something called discount-phentermine.biz (not to mention viagra-pills.info); somebody attempted to run willy-nilly through the comments section here to promote his tawdry wares using an Australian IP. (If you care, it was

In recent years, American pharmaceutical companies have been pitching a fit because their products are being sneaked back across the border from Canada and Mexico, and claiming they were acting in our best interests. If they were really anxious to do us a favor, they'd pitch a fit because their products are being sneaked out of retail channels and into the hands of people like Gibson.

Permalink to this item (posted at 9:58 AM)
28 December 2003
The worst of both worlds

Today's spam, from islurp.biz (that doesn't even sound good), offers something called Porn Sharing Software.

Keep in mind that I am fifty years old, and the stuff I grew up to think of as smutty is now rated PG-13; I can't even imagine what it takes to qualify as pornographic these days.

Well, actually, I can, but I'd rather not. And if I could, I certainly wouldn't be sharing it.

Permalink to this item (posted at 8:24 PM)
21 January 2004
The price of spam

In Denmark, it's seventeen bucks.

The Danish National Consumer Agency brought spamming charges against Aircom Erhverv ApS; the firm was fined four hundred thousand crowns (about $68,000) for sending out approximately 1500 unsolicited emails.

Under the law enacted in Denmark, the minimum fine for spamming is 10,000 crowns ($1700); each and every email beyond the first hundred draws a fine of 100 crowns ($17). This is the second case won by the Danish government against a spammer.

As penalties go, this is fairly stiff, though I suspect some senders will require stronger treatment.

Permalink to this item (posted at 2:36 PM)
22 January 2004
High-intensity scamming

The ever-popular "PayPal Limited Account Access" scam has arrived at my mailbox, and its execution was a bit more amateurish than usual.

For one thing, the bogus email was sent to an address which has no PayPal account, which is pretty easy to spot. And the spoofed URLs were prodigiously lame: I mean, poypail.com? Sheesh.

The ostensible tech/billing contact for this domain is one , 10 Oak Lane, Scarsdale, New York 10583. I do hope he enjoys the publicity.

Permalink to this item (posted at 5:28 PM)
28 March 2004
Phried phish

The clown with the South African IP address (I suppose he himself could be just about anywhere) who bogused up a login screen for my online banking service did a pretty good job, designwise.

However, where he fell down was in his insistence that "In order to view this message your e-mail client must support HTML format." Wrong-O, Buffalo Bob. I don't read email in HTML format from anyone under any conditions, and actual email from the bank has always been sent in a plain-text version.

Once in a while someone who pulls a stunt like this gets caught, but basically, we're dealing with cockroaches here: if you see one, there are probably five hundred you don't see. It's probably impractical to stomp every last one of them. But there's no need to feed the little bastards.

Permalink to this item (posted at 8:54 AM)
7 May 2004
But it smelled phishy

You know, if I'd seen this email, I'd have turned it in to the security folks myself.

I mean, it's not like I've never seen this sort of thing before.

(Courtesy of The Critical 'I'.)

Permalink to this item (posted at 7:17 PM)
21 May 2004
Because clues aren't for everyone

Today's spam comes from one "Clifford Fergusson", though it's signed by one "Maxine Carson", identified as "Supervising Regional Executive for Oklahoma City". This being spam, I assume that both of these names are fraudulent. Not that it matters, particularly, since this particular example is so badly executed:

We monitor homes in Oklahoma City whose owners are making unnecessary extra payments on their home. In looking for qualifying participants, we came across your property at [address snipped].

Brief: In February 2004 we developed 3 new financing strategies that will eliminate the extra payments you are making. We choose carefully who we select as the criteria for qualification is stringent.

Even briefer: In February 2004 I wasn't living at the address you listed, and I never owned that property. Obviously your "stringent" qualification isn't worth a pint of marmoset urine.

The link below is to your online account where you can view your information and verify that it is correct.

Fat chance, Maxine Clifford Bucky.

Tucked away at the bottom is a postal address:

Ambro Enterprises
800 N. Rainbow Blvd. Suite 208
Las Vegas, NV 89107-1103

Which matches the WHOIS record for, the IP tucked into their reply URL. About two minutes of Googlage turned up in that very same little suite:

  • a talent agent;
  • a vendor of gift baskets;
  • a rental-property manager;
  • and a kiddie-ride franchiser.

Must be one hell of a boiler room. Interestingly, John Reyes, listed as the contact for Ambro, actually lives in Clifton Park, New York, and to be fair, if I had to share space with all those other operations, I'd move across the country too.

Permalink to this item (posted at 7:18 AM)
28 June 2004
You're choking in it

The Code Warrior reported today that over the weekend, we were favored with some fourteen thousand individual spams, which would take a large part of the morning to delete and which in the interim would likely slow the corporate mail service. (Well, duh.)

There is, of course, no way to be properly avenged, but I suspect it will be easier for a mailbag full of Levitra® to pass through the eye of a needle than for a single spammer to avoid eternal damnation.

I'm stocking up on extra-small needles as a precaution.

Permalink to this item (posted at 5:17 PM)
31 August 2004
Take a bite out of spam

It's probably overkill for an individual user at my volume level (150-200 a day), but we're trying this contraption out at 42nd and Treadmill, and in its first half-hour of operation it trapped 100 or so items of dubious provenance.

Given the amount of time we waste processing and tossing that crap stuff, I figure the machine should pay for itself no later than the end of next month.

Permalink to this item (posted at 1:32 PM)
16 September 2004
Overly-targeted marketing

A spammer, identified as "Tammie Ortega," unloaded upon me today an offer for, and I quote, "drugs out the ass."

Further comment from me would be superfluous.

Permalink to this item (posted at 8:53 AM)
23 October 2004
Hazy on the concept

Today's spam offers to sell me the following software:

Adobe Acrobat 6.0 Professional
Adobe Photoshop CS 8.0
Adobe Premiere Pro 7.0
Macromedia Director MX 2004
Macromedia Dreamweaver MX 2004

All programs are full working versions and include serial numbers to install and run. All copy protection has been removed so you don't need to register them. This is the best software deal on the web!

How much? "400 percent discount," they say. Assuming that these packages sell in aggregate for, say, $1500, does this mean they're going to cut the total price by six thousand dollars?

If nothing else, this demonstrates that spammers and people who buy from spammers occupy the same rung on the intelligence ladder, and it's not very damned far off the ground.

Permalink to this item (posted at 8:20 PM)
21 May 2005
Fraud alert, it says

This phishing attempt is just so much fun:

eBay Fraud Mediation Request
Date: Thu, 21 May 2005

You have recieved this email because you or someone had used your account to make fake bids at eBay. For security purposes, we are required to open an investigation into this matter.

Well, let's see. Somebody at eBay would likely know (1) how to spell "received" and (2) that the 21st of May wasn't a Thursday.


Fraud Alert ID CODE: 00937614
(Please save this Fraud Alert ID Code for your reference.)

To help speed up this process please click here:

I need hardly point out that "acces-ebay.com" is not a real eBay domain. And if this were a secure server, it just might specify https: in front of the URL.

This was actually sent from Geolocation, which is not particularly reliable, puts it in Dallas.

I mention all this mostly for the benefit of Googlers and similar searchers, since it's highly unlikely I'm the only person who's ever going to get this. And I continue to urge that phishers, once caught, be filleted on national television.

Permalink to this item (posted at 1:42 PM)
5 July 2005
Brief interruption

We pause in this travel narrative to bring you the following announcement:

Anyone who uses the domain www.unitedinchristchurch.org for online poker is doubly scummy and deserves to be crucified horizontally.

While rotating over a gas grill.

Can anyone recommend a marinade that attracts fire ants?

Addendum: The corksoaking iceholes struck again around noon. I am killing all pingability for anything posted prior to 3 July. If you actually link to one of the pre-WT05 stories, send me email and I'll put it in manually when I get a chance.

Another addendum: Courtesy of Fistful of Fortnights:

Comment Spam Mogul and admitted thief of blog content gets angry when his blog suffers a spam attack.

Well then. Thanks to this fellow and his unsavory colleagues, bloggers must repeatedly scrape these barnacles from our blogs on a daily basis if not more often. Now this poor guy expects sympathy?

I'll be happy to donate some wood for the crucifixion.

Permalink to this item (posted at 7:38 AM)
11 September 2005
Phish right at your ear

Today's bogus letter not actually from PayPal claims that the service will now actually call you on your cell phone every time there's a transaction as "fraud prevention," of course. Needless to say, you're supposed to key in all your PayPal information plus your wireless number to this handy site.

Which site, incidentally, is msg-paypal.com, owned, says joker.com's Whois, by a fellow up in British Columbia, and created, by chance, just yesterday.

Just one more way SMS is becoming the Scammer Message Service, I suppose.

Permalink to this item (posted at 12:06 PM)
3 October 2005
The grammar blows, too

An email that made the rounds:

There are many individual Bloggers earning over $100k per year we can show you how to possibly achieve this through your own personal blog.

Um, no, you can't.

(Via Doc Searls.)

Permalink to this item (posted at 6:18 AM)
26 October 2005
Thieves getting nervy

Jan reports on a new scam to separate you from your credit line:

The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 are the security numbers that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?" After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up.

You actually say very little, and they never ask for or tell you the card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question. Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.

Well, not her card, actually; she's just passing on a report.

The CVV is three digits on the back of your Visa, MasterCard or Discover Card, or four digits on the front of your American Express Card. This number is based on the information in the magnetic strip of the card, and cannot be derived from the account number itself; this is why thieves will try to get it out of you, since if they have both the account number and the CVV it will be assumed that they have the actual card and purchases they make will most likely not be questioned. (And if the merchant requires the CVV, as all online merchants really should by now, there's a 1-in-1000 chance of someone guessing it.)

Permalink to this item (posted at 4:16 PM)
30 October 2005
Hope is the thing with spammers

This spam is titled "Dating site for sexoholics," and reads as follows:

"Where love reigns the impossible may be attained" a insightful man once said:

And briefly you can discover happiness for yourself as well, without the pointless dates;-D

If its just a One-Nite stand or maybe something more serious, you'll obtain it here;)

The link is to something called hope-to-get-laid.us, whose WHOIS information may charitably be described as imprecise.

And if I want to go out on a pointless date ... um, never mind.

Permalink to this item (posted at 12:03 AM)
11 November 2005
It's absinthe but also decathlon

Now that would be one hell of a drink, if it existed; but it's just a combination of random words that wound up as the subject to yet another email stock tout. The actual text was sent as a GIF file, which is always annoying. For your amusement, I reprint the last paragraph, to the extent I can decipher 5-point type:

Penny stocks are considered highly speculative and may be unsuitable for all but very aggressive investors. This Profile is not in any way affiliated with the featured company. We were compensated 3000 dollars to distribute this report. This report is for entertainment and advertising purposes only and should not be used as investment advice.

In this case, it's being used for entertainment.

Permalink to this item (posted at 5:13 PM)
15 November 2005
Overly generous

Nothing particularly unusual about spams offering to embiggen the dingus, but one I got today (from the highly-dubious "Product Reviews and Ratings") contained a come-on that shook me slightly: "Did you know 67% of women are not happy with you"?

My immediate reaction, even before pressing the Delete key (and wondering how this thing got through my filters), was "Only two-thirds?"

Permalink to this item (posted at 5:38 PM)
31 December 2005
Nastier phish

Here's a new ploy from the scammers: a fake eBay message claiming that you haven't paid for an item won at auction, and providing a handy link to communicate with the upset seller. (Nice touch: "Responses sent using email will not reach the eBay member. Use the Respond Now button below to respond to this message.")

Of course, that button actually takes you to a non-eBay site which steals your ID information, in this case 1st2respond.net. (Incidentally, the address and telephone number given in Whois do not match up; the LAX area is not in area code 661. I'm guessing here that the domain registrar, namecheap.com, is there, but the phone number is an answering service somewhere else.)

Incidentally, this is the item mentioned in the scam; it was in fact paid for, and the buyer was given positive feedback by the seller.

Update, 2 January: Got another one, this time with the domain 1host4profit.com.

Permalink to this item (posted at 11:53 AM)
24 March 2006
Appealing to greed

Get $20 for completing our survey, said the subject line, and, well, I just had to look a little closer:

Dear Valued Customer,

You have been chosen by the Chase Bank online department to take part in our quick and easy 5 questions survey. In return we will credit $20.00 to your account Just for your time!

Helping us better understand how our customers feel benefits everyone. With the information collected we can decide to direct a number of changes to improve and expand our online service. The information you provide us is all non-sensitive and anonymous No part of it is handed down to any third party.

It will be stored in our secure database for maximum 7 days while we process the results of this nationwide survey.

We kindly ask you to spare two minutes of your time and take part in our survey.

To Continue click on the link below:

There follows a link in hex digits which doesn't go anywhere near JPMorgan Chase & Co.

But it's nice to know that the criminal element, even in the process of thinking up new ways to rip off the general public, is concerned about privacy issues. "No part of it is handed down to any third party," indeed.

Permalink to this item (posted at 1:42 PM)
10 April 2006
Present at the creation

It's a whole new fiction genre: the Charismatic Russo-Nigerian Serial Epistolary Novel, which we pick up in section 4:19:

I am Mr. Felix Ogorika, the Personal Lawyer of late Mr. Petrovich Nazarova, a Russian Businessman that lived in my Country Nigeria for 22 years before he died in the plane crash last year. He was a very good Christian, he is so dedicated to God but he was not married nor had any child till He died, may His soul rest in peace, Amen. Throughout His stay in my country, he acquired a lot of properties like lands, house properties, etc.

As his legal adviser, before his death, Mr. Petrovich Nazarova, instructed me to write his WILL, because he had no child, he dedicated his wealth to God. According to the WILL, the properties have to be sold and the money be given out to a ministry or individual for the work of God. As his legal adviser, all the documents for the properties were in my care. He gave me the authority to sell the properties and give out the fund to a Ministry or individual for the work of God.

Brother Felix is of course awaiting a favorable response.

Permalink to this item (posted at 10:39 AM)
23 April 2006
Language barrier

Some things need no translation. The synthesized-calliope version of "Pop Goes the Weasel," heading across the block as I write this, inevitably heralds the arrival of the Ice Cream Man, and no words need be spoken until you hand over too much of your allowance in exchange for something that, given the 90-degree heat today, will melt down your wrist.

On the other hand, this passage at the bottom of a spam (titled "Babes inside your city") is mystifying:

This subject matter was broadcast to you because your-person asked for to be imparted of knowledge of offers from either us or one of our-person collaborators, if your-person do not need to encounter extends from ourselves once again please interact with us at this cursor.

So far as I can tell, this is the standard (and usually futile) opt-out clause fed through Babelfish a couple of dozen times.

Permalink to this item (posted at 3:04 PM)
4 May 2006
The proper use of Googlebait

Of the last 41 pieces of MT-related spam to come through, 40 of them have pointed to something called drugsb.com.

I mention this just in case you might be Googling about for information about this particular firm. And I have no such information, except to point out that someone working on their behalf has spammed me incessantly, and to note that if there were left on planet Earth only one dose of the one miracle drug that would save me, and that they had it and were offering to sell it to me for 49 cents, and that they would have Monica Bellucci in a towel deliver it to my door at no extra charge, I would still rather die.

Permalink to this item (posted at 1:37 PM)
15 May 2006
Yet another odd angle

A number of spams have come in recently in which the first part of the URL you're supposed to visit is enclosed in angle brackets. (Example: http://<G8>.evildweebs.net.) This is easy to filter out, but I don't see what advantage it gives the spammer: there's nothing concealed behind it, even if you pull up the raw message text, and so far as I can tell, it doesn't translate to binary or hex code or any of the other asinine tricks commonly used to obfuscate URLs. (The string enclosed in the brackets might be interpreted as an HTML tag, of course, but I have yet to see one of these with an actual HTML tag as an enclosed string.)

One of the mysteries of life, I suppose, along with why we don't shoot these people in the first place.

Permalink to this item (posted at 7:10 AM)
5 June 2006
Evolving toward the land shark

Evidently the take from the Nigerian email scam wasn't enough, so the scammers are now escalating: they're sending actual mail.

From the standpoint of economics, this makes no damned sense at all:

[E]mail's cheap, postage isn't. You can send out a million emails for pennies; on the other hand, the number of letters you'd have to send out to make this scam work would soak up any profit you'd make off of the lone sucker. What?s next? Singing candygram?

Then again, it takes only one finger to push the Delete key; you've got to use both hands to tear up a letter. (Unless you're unusually gifted, dexterity-wise, in which case ... um, never mind.)

Permalink to this item (posted at 9:38 AM)
21 August 2006
Proactive scum

When I switched to Movable Type back in 2002, the system numbered each individual archive, starting with 000001, and assigned a similar series to TrackBacks, though inasmuch as I didn't implement TB until a couple of hundred posts were in place, the numbers for posts and TBs don't match up. None of this presented any particular problem.

Then I popped open the Junk TrackBack folder this morning, and there was a TB to a post I hadn't even published yet. (This one, in fact.) Obviously they were just trying numbers to see what would stick, and of course it didn't actually get onto the site, but this is a definite drawback to the numbering system. Newer versions of MT allow post titles to be worked into URLs, and TB links are named accordingly; I didn't switch over when I installed version 3.2, for the sake of consistency. It would be, I assume, harder for a spammer to anticipate a post title than a post number. (Then again, I've had some fairly predictable post titles over the past four years.)

Permalink to this item (posted at 7:32 AM)
This Archive continues here.
The Finch Formerly Known As Gold

Click the Permalink on an individual entry to read comments and TrackBacks if any