Saturday, September 15, 2007

Scam Bank Email : Bank of America Customer Service

Jerks. These scammers have sent an email, posing as Bank of America, and their pitch is that their computers have been broken into, and to secure yourself, you had better click on the link below. Which is the least secure thing you could do! If you click on that link, the link may drop cookies onto your computer and record keystrokes you have typed in for passwords and addresses and such, or you will be frightened into providing personal information right into their hands.

For whatever reason, the scammers did not send the email straight from bankofamerica.com. The email address, as shown below, says bankoffamerica.

Here's the scam email (which is not from Bank of America):
from: boasdas@bankoffamerica.com

"We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us.

If this is not completed by September 16, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner.

To confirm your Online Banking records click on the following link:

http://203.121.164.2/onlineboareciew.html

Thank you for your patience in this matter.

Bank of America Customer Service

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

© 2007 Bank of America Corporation. All rights reserved."

This is a scam and false email. Do not click on anything. If you can, hit "Report as spam" in your email program and be done with them!

Sunday, September 9, 2007

Dramatic Bogus Wholesale Order for Small Designer

A designer emailed with a wholesaling scam that happened to her. Having an online shop means that random people can contact you all of the time wanting free things aka "a sample" or product as a reduced cost. They sometimes pose as shop owners who'd like to buy some pieces of your line. And if you're new, these first emails are usually exciting. It's common to get people who are "planning" on opening a shop and are feeling the waters. Some are legit business people doing their research, while others are people who want to cheat and pay lower prices for items for themselves, and not to sell to the public.

Here is a scam where the scammer is brazen and risky, and the Scam Target did her homework:

"I had a woman contact me, posing as a buyer. She wanted to place a small order (below my minimum $300) to try out my line in her shop. Her first email asked if I had received her earlier fax and email -- she contacted me in May I think. I said no but she should resend. Usually I'm pretty accommodating and understand small boutiques don't always have a lot of space for a big collection but when she only ordered about 4 pieces (not on a formal order form) and the order set off some red flags for me:
  • 1. She wanted them shipped to her home address.
  • 2. She never gave me a phone number and said she preferred to use email.
  • 3. It wasn't until the third email (after I asked in the first two emails) she told me the name of her shop, where she was located and what she carried.
  • 4. She only ordered 4 pieces claiming money was tight at the time. Said she was interested in placing a few small orders and that she was looking forward to a "fun new theme."
  • 5. I googled the shop she said she was from (in Illinois somewhere) and the shop seemed pretty big -- similar to her description but not exactly and definitely a store that would have no problem making a $300 minimum.
She didn't contact me for 2 days after I responded to her order suggesting she order a few more pieces to at least create a decent display. Less than 6 pieces, I explained, are hard to sell and look a little funny, even in the smallest store. So, I called the shop and asked for her...No one had heard of her. Then I called information, and called her at home (why is a store owner of a small boutique at home on wednesday at 4 pm?)...she claimed her shop was in St. Louis now and didn't know about another shop by the same name nearby to her in Illinois. She canceled the order quickly and hung up on me!

I called the shop and told them that someone was committing fraud, using their name and posing as a buyer, they called the police and the detective who called me said she kept on telling lies (first she had never heard of me or the shop--then she said she was PLANNING on opening a shop, then she said she had an ebay shop (which doesn't exist). Just before she was busted, she sent me a long email back about how I was an idiot for calling that shop and "what are you, so desperate for buyers that you'd call me at home, especially after me and my husband had suffered a terrible loss in the family this week...etc.etc. -- i loved that part) She just wanted some discounted jewelry I guess.

So lesson here is: If someone doesn't give you their shop's name and a phone number when you ask, don't do biz...email is good for some things but sometimes the phone is easier and better for business. The end."


Another designer offered some advice on how she handles wholesale calls:
  • Always ask for a tax id and shop info before sending out a wholesale brochure.
  • Google the shop and address to see that it exists plus check out their web site - what shop doesn't have at least a place marker.
  • Even if they say they are planning on opening a shop and don't have a tax id then wait until they do. This has fended off a few bogus buyers.
  • Trust your gut feelings and make the calls to verify a potential buyer.
  • Always get billing info at the time of order.

Friday, September 7, 2007

Multiply :: Desktop Wallpaper Thieves!!

In trying to make the world a prettier place, I created desktop wallpaper. All of the wallpapers are for the time being, free. If you would like a wallplaper for you Multiply blog, or any other blog, contact me by leaving a comment on this post with your email and I will send you the proper file. Here are you choies.

A little birdie today chirped a most disappointing breach of online manners: the blog company called Multiply copied the code that is hosting one of my desktop wallpapers and provided it to a blogger who has a blog through their system. No one emailed me to ask for permission to use this wallpaper or offered to link back to my site. The most troubling part about this issue, however, is how Multiply sees no problem with letting its users steal my bandwidth to host this wallpaper. I'm glad people like the design, but it's not very nice to 1. not ask to use it and 2. use my bandwidth to host it.

Here's a picture of how Multiply is giving away my design without my permission:

multiply is an unethical blog providing company

The sucky part about this is that if you look real close at that code, which you probably cannot see, they are not only giving away my design without my permission, but they are providing it from my website (versus if they were to host it on their servers), which means that the bandwidth I pay for is now powering my wallpapers to show up on other sites as backgrounds, which is called hotlinking. As flattering as that is, to have my design lifted and used, it's 1. thievery and 2. costing me more money in bandwidth the more people are using my bandwidth for free (aka on my dime). I'm glad they like my designs, yet I would much prefer a request of permission at the very least. It's only polight. Thank goodness I put my copyright and website at the bottom of the design.

A trusty programmer helped and installed hotlink protection onto my site to prevent people from posting images that are not hosted on their sites, but on my site. Otherwise, every time an image displays on their site, that is actually pulling the image from my site, it's my bandwidth that gets sucked.

Rascal, thieving, bastards.

Thursday, September 6, 2007

Confession from an Email Collecting Spammer

This is one of my favorites. I don't know if it will get any better than this. And I'd better duck in case the guy comes after me again.

Long ago, I got a blogger type email. As a blogger, sometimes we get emails from blog directory websites saying you've been included in the directory, bla bla bla. This email said this:

From: blogger@teamblogs.com
Please click here to view blog entry. (The spammer provided a link for me to click on. But what do we not do with links in emails we don't know? We don't click them.)
The blog entry would have been sent directly to your e-mail, but it just wouldn't do it justice.
Seeing it in html format via your internet browser allows for a more personable touch. =)
We like to keep our bloggers happy and eager for more. (Another ick - I'm not one of 'his' bloggers.)

-Team Blogger

Ok. This is a little ploy to entice me to view a "pretty" graphic email that the spammer isn't able to send to my email. Which is another lie, as he later explains (see his confession below). Sending legitimate graphic emails is very possible using a good, legitimate, and legal emailing company, like Vertical Response, MailChimp, or Constant Contact, all good, trusted companies who enforce strict policies on how to send a legally formatted email, on behalf of their clients, to people who are expecting said email.

But this spammer wants me to click on the link he provided to view what would be his email (he explains below why he does this...which is to get me to view ads that the legitimate companies don't allow). But - say it with me - we don't click on links in emails we don't know. Why? Because I hovered over the link to see where it was going. In Gmail I can do that because it's online. Don't click, just hover. It was going to this scary place:

http://www.outhouseprices.com/email.html" target="_blank

That means you're about to go to www.outhouseprices.com. WHAT? Exactly.

This Team Blogger guy keeps track of his publicity, most likely through Google News Alerts. A Google News Alert lets you punch in a term you want to be informed about, and then it sends you email notifications about when that term was on the Internet somewhere. Whatever his method, my publishing of his bogus email came across his desk. And he emailed me. Actually, he didn't email me. He commented on an unrelated post on another blog of mine. I didn't publish the comment, because he had linked things back to his website, which is a free way for him to create links to his website and give him legitimacy. An act I did not want to allow.

Here's his comment:

"You were right, there is no teamblogger! You caught me!!! I was using a program called Maxprog, a mass email program that can send mass emails without looking like a spammer to the servers that automatically detect them. In case you don't remember what I'm talking about, remember outhouseprices.com! I made it, and I'm trying to promote it, and a nice effective-cheap way to do this is by mass emailing people who are stupid enough to put their actual email address on the internet for search engines to read. Not that I'm calling you stupid, after all, you did realize that I was actually a spammer... however, I was being truthful when I told the reader's that, "Reading it in an e-mail didn't do it justice." You see, I wanted to include advertisements in my email's... so that I can make money. When one would click on it, no email's would have been saved, and nothing bad would have happened... all that would have happened is that you would have gone to a website... this one to be exact: http://www.outhouseprices.com/email.html

It just makes it so that my readers can actually see the advertisements that g-mail, yahoo, hotmail, and all the rest blocks out. No harm, no foul. It's called java-script btw... just if you were wondering, "What is this computer gibberish he speaks of?!" I would greatly appreciate it if you would educate yourself before you give my business a bad name for all to see. It's just unethical. Sorry for the "spam" you received, I'll be sure to remove you from my list.

Thanks for the bad publicity. Much obliged. "

And he ended it with a Guilt Dart. After explaining his methods, and I always love hearing how something works, he explained that I was in the wrong to expose him. In business, it's always helpful to have a good product, right? Build it and they will come? Why the need to cheat and make people upset by tricking them into viewing your product? Which may not even be a product at all, but another trick to get you to click on advertisement links that pay him $.0035 per click? Yeah.

Fake Domain Registry of America Domain Transfer "Order"

This one is not so much a scam, as it is a reverse way to get you to order something. I experienced this over the phone once when I was a secretary. Someone calls you and makes it seem like you need to fax them an invoice for a product you need to order. It was from a toner company - copier "companies" are notorious for making things up. As are domain registry companies. And trademark companies for that matter, but that is for another blog post.

This blog post is to expose the ever persistent Domain Registry of America. Their tactic is to email you about your domain registry. This means, if you buy www.mywebsite.com, it is registered somewhere. Legit registrars are Dotster, GoDaddy (although they are annoying), Network Solutions, etc. There are tons of registrars out there, but those are some of the better known ones. You always have the right to "transfer" your domain for whatever reason. Sometimes your original domain registrar company will fine you, sometimes not. But, it's a common thing to transfer your domain. Sometimes you just want to consolidate all of your domains under one registry roof.

Domain Registry of America, I think, also sends these notices out by snail mail. If you have registered your domain and included your address, then anyone can easily pick up your address from the WhoIs database and contact you. They want your business. Instead of asking you to transfer your domain to them, which would be the polite thing, they "thank" you for requesting a transfer. A request that you of course never made.

Here's a typical email from Domain Registry of America to trick my friend at a company I used to work for. This is about the 20th time my friend has received this email.

NOTE: I deleted names and actual domains to protect the innocent.

To NAME,

Thank you for choosing to transfer and renew yourwebsite.org with the
Domain Registry of America. Upon testing your current administrative email
address yourname@yourwebsite.org we have not been able to contact you to
complete your transfer and renewal with Domain Registry of America. This may
be because yourname@yourwebsite.org is no longer in use, or misspelled. Your
current administrative email address must be valid in order to complete the
transfer and renewal process.

If these changes have yet to be made, please follow the directions below, to
have the administrative email address corrected. Failure to do so will
prevent you from being able to transfer and renew your domain name with
Domain Registry of America. Call your current registrar and have these
changes made to your administrative email address.

Your current registrar is DOTSTER, INC..

1) Introduce yourself as the person responsible for the domain name
yourwebsite.org

2) Ask them to change your Administrative Contact email address to the one
you are now using. (You may be asked to present them with personal
information, so that they may confirm your identity as the owner) (Here is where Domain Registry of America basically guides you in requesting a domain transfer to them - a thought that never occurred to you until they told you to do it.)

Please note that, unfortunately, Domain Registry of America cannot make
these changes on your behalf. (No sh#* Sherlock) Only the owner of the domain name is
authorized to make these changes.

Up to this date your changes have yet to be reflected in the WHOIS database.
If this is your first notice please follow the directions above, otherwise
this is to serve as a reminder.

As a convenience, we have supplied your current registrars phone number
below. (Yeah, because they want to steal from your registrar your business, who in this case is Dotster)

Domain: yourwebsite.org
Current Registrar: DOTSTER, INC.
Registrar Phone Number: 360-397-8707 (Phone) or 360-253-2210 (Fax)


Thank you,

Renewals & Transfers Department
-Domain Registry of America
Toll free 1-866-434-0212 or for International Callers, dial +1(905)479-2533

Please have your Domain Registry of America order number (#1475377) ready
when calling

So. This is an attempt to steal your business by letting you do all of the work. That's why it's not really a scam, it's a manipulation. It's a manipulation of someone who is not super savvy with domain registrars, who doesn't want to be super savvy with domain registrars, who shouldn't be super savvy with domain registrars. It's a manipulation of someone who trusts a website professional to tell them what to do. So this website professional, and you can call me Scam Awareness Bloggerette, is telling you to delete this email. If you can, press the Junk button on it so that maybe it will be reported to your email company, and your Outlook or gmail or whatever your email program is will block other emails from coming from Domain Registry of America.

Sunday, September 2, 2007

Bank Scam Email : LinkWeb and First National Capital Bank

For the record, this bank scam email described below is not from First National Capital. It is from imposters.

This bank scam had me going. I was blogging about it late at night, when I get tired and lower my guard, so I got paranoid and vowed to get a credit check in the morning. Luckily, I remembered to call First National Capital Bank of Omaha to verify my "account" that didn't accept the transfer. Here's the contact info if you need it: 1-800-228-4411

I got the website by Googling First National Capital. I'd never heard of it, not being from Omaha and all. I did not click on a link from the email. No no no. I did a search, found First National's website, and called a phone number. When the female customer service person asked for my information, I declined to give any, stating that I never had an account there. I told her about the transfer that apparently failed in my name. She was transfered my call to someone, who transfered me to a third woman who gave me the answer I was looking for. She knew of the scam email to "phish" or trick people into giving personal data by clicking on a special link that was set up by the scammers, which can plant "cookies" and other bad things into your computer to either lift information from your computer, as well as have you enter personal data like your social security number, bank number, pin number, phone number, etc etc. So to be sure, it was not sent by First National or LinkWeb. In fact, First National is investigating the fraudulent scam email.

Here's what the email said:

The email address that sent this: laserone@fnni.com
Who it "Says" it's From (this could be anything, so it's easy to lie): LinkWeb support
Subject: First National Capital Markets

"Dear Member!

Thank you for choosing Treasury LinkWeb service. Unfortunately there was a problem in processing your last transfer information for August, 2007. Please review our requirements at Treasury LinkWeb account management. You will be able to update your transfer information quickly and easily if using our secure server web form. You should understand that without prompt updating your private information, your Treasury LinkWeb service service can be discontinued. To update your information right now, please visit our secure server web form by clicking the hyperlink below.

We appreciate your business and hope to keep you as a customer for life.Treasury LinkWeb service is so easy, so no wonder it's number 1!

The products and services provided by the site you are entering are part of the First National Bank of Nebraska Corporate family."

Here's a picture of the email. It shows the link. It also shows that my gmail did not display the images set in them email. This is good. Enabling the images to display might trigger other cookies to do bad things. So, if you don't know who the email is from, it is best not to display images.

first national bank scam phishing email

Moral of the story: don't ever respond to bank emails asking to verify your information.

The Post That Started it All

I wrote this post a while ago on typical Craig's List scams, but the response from people was unexpected, leading me to create this blog to reveal these types of repeat scams. Here it is:


Who falls for this?? I posted my Pottery Barn rug on craigslist today. Here's what I've gotten. Normally, I get these in my Gmail account and I click "Report As Spam" for them. But maybe going public with whatever contact information will have more effect. Keep in mind, I list my price in the ad.

From curtis_wright001@yahoo.com:
My name is Curtis located in Las Vegas, NV.

I saw your advert on your item at craigslist.com and Its exactly what I have been willing to purchase for long now. And I am extremely Interested in it.

Please let me know the final asking price and also If you are willing to sell for, I am giving you $100 extra for deleting the advert from craigslist before anything else.

Regards.
Curtis Wright.
8687 W Sahara Ste #108
Las Vegas, NV 89117
775-418-9488

Does Curtis seriously think I am going to A. Delete a posting EVER until it is out of my hands and cash has replaced it and B. Will he seriously pay for shipping from NY to NV? For an 8'x10' rug? No. And I love how he is "willing" to purchase something. Like I'm twisting his arm.

From t_miller01t@yahoo.ca:
Hello Seller
I am a legitimate business-man and I base in Canada ,i came across your advert on www.craigslist.org and i am highly,interested in buying the (Pottery Barn Rug ) which you offer for sale.Due to the fact that it's been a long that have been searching for it ,Kindly get back to me as soon as possible with the necessary answers to these questions that have in mind ,Are you the real owner? The present condition? And your final asking pric?,Furthermore I will like you to know that my form of payment is through a Money Order..
I await your urgent response so that we can proceed further....
Best Regards
Mr.Tony Miller...

My favorite part is how he is a "serious business-man." And maybe he taken a note from Steve Martin's Pure Drivel by refusing to use periods? At least I think that's how the sketch went...sooo funny.

Here is one of my favorite craigslist scams from when I was selling my little Nokia phone:
From smithwess_43@yahoo.com:
Scammer:
Hello Sir/Ma'am,

I want to know if this item is still avaliable for sale.contact me Asap with your firm price.

Me:
It is still available, and $50 is the price.

Scammer:
Hello FashionMista, Thanks for your prompt response to my inquiry for your item.I will get back to you later with my payment option. Thank you Smith.

Me:
Hi Smith, If by "option" you mean type of payment, I only accept cash at the time of the exchange of the item. Best,


Scammer:
hello fashionmista, Am not confortable with that,i have been robbed before in this type of exchange.I'm in wisconsin right now but I'll be leaving for london for a soccer coaching job in a week time.The ITEM is for my son's BIRTHDAY gift who travelled to spend sometime with his mum where she works in the US consulate in west africa.I'll have to add some extra for you to send it to him as soon as possible.I'll be paying you through Stormpay money order as soon as you make your decision i will pay you $95 for the item and shipment fee; it's secure and protects two parties in a transaction.Let me hear from You ASAP. Smith, Phone (915)-808-3485

Me:
Hi,
No offence, but this is a classic scam attempt. Please don't do it in Craig's List. It litters the site, which is filled with either honest people, or people connected to Africa in some way. Oddly, it is also filled with men looking to buy their sons electronic equipment. If you are truly in Wisconsin, and if your story is actually true, then you can pay online, like any other customer with an ecommerce transaction in an online store, and the item will be sent to you. I run a store online, and this is the way it works. If you are genuine, you may pay via paypal, the invoice of which I can send you. With payment, which would include shipping to wherever you need it, I can send the phone. If you are not interested, or if you are going to suggest some other means of payment for your own attempts, then do not reply to this email. If you do, I will report this email address as spam for your inconvenience.

That is all.

Of course, Smith never wrote back. He is also the second person I got seeking to buy their son a piece of electronic equipment. The first time it happened was when I was selling a little digital camera. Although I fell for that one, and thought it would be a "perfect gift." No more!

So, now you know. Don't click on links from emails, and don't do money orders ever to anyone.

Spammy Scammers :: Defeating scams one spam email at a time

This blog has been created to defeat scams of many forms that mainly come through emails. Be them scams from Craig's List (ex: "I am from Nigeria and am desperate for your product. I will send a money order for 400x the amount of your product, and you will..."), from "banks," false email collectors, and so on and so on.