Two things:<\/p>\n
1. I know this is spam
\n2. I know the kind of folks who this is targeted at<\/p>\n
Anyway, a lot of folks have asked me “how do I know if something is dodgy?” It can be a difficult question to answer as a lot of IT “things” are intuitive, it’s obvious. But end users (friends too) don’t want to hear that, they want to know what they can look out for. <\/p>\n
Sometimes it’s easy, sometimes end users (and friends) visit dodgy sites, downloading toolbars on they way. Here’s a tip, if a web-site opens a pop-up window and offers you a great new search toolbar, ignore it, click on the red close icon in the top left of the pop-up (or, better still, shut the machine down). The same goes for anything that offers to rid your machine of adware, spyware or other such nasties: it’s very likely that your machine was relatively free from such things…until you click “yes, please scan my computer for adware, etc.”<\/p>\n
I’m working on a rather lengthy article\/blog posting that covers my suggested security tips, but to keep my writer’s block from setting it, I thought I’d push this out now. <\/p>\n
Here’s a typical example of a dodgy e-mail…my comments are in bold italic<\/strong><\/em>…they should be enough to get you started.<\/p>\n \nReturn-path: < VERNUS MILLIONAIRE LOTTO TO WINNERS IN OUR PROGRAM<\/strong> PROGRAM? Surely PROGRAMME?<\/em><\/strong><\/p>\n Good day, <\/p>\n This is Mrs Rita Moore the Director of vernus <\/strong>Millionaire Lotto in the NETHERLANDS<\/strong>. Vernus Millionaire Lotto is an independent lotto<\/p>\n Suddenly, vernus is lower-case, previously it was sentence-case<\/em><\/strong> organization <\/strong>in the Netherlands that is conducting several online lotto programs on the internet. However,we wish to congratulate you<\/p>\n it’s organisation here in Europe, thank you<\/em><\/strong><\/p>\n over your success in our computer balloting sweepstake held on 20th August,2005 in which your email address attached to ticket number Throughout this e-mail, there is no space after each comma: there should be! If this was legit, the use of language would be spot on.<\/strong><\/p>\n $1million dollars credited as Bond into your security file LOTTERY REF NUMBER Amt\/nt\/423275\/01 with our security agent. This amount The give-away. If you believe this, please cut up your credit cards now!<\/em><\/strong><\/p>\n Please note that this winning is very The Dutch speak and write better English than some of us…<\/em><\/strong><\/p>\n one of the websites we are running over the internet concerning our lottery programs in the Netherlands.<\/p>\n http:\/\/www.lotto.nl\/lotto\/execute\/intro?node=lottointros&default=lottorootnode&ad=0<\/p>\n However,to begin your claim,being non-netherlands resident or citizen,you are required within two days <\/strong>to officially notarize your<\/p>\n uh oh, you want me to go to The Netherlands in person? Surely you’ll just bash me over the head with a baseball bat, take my passport, my Euros, my cards, etc. and leave me with nothing but a sore head?<\/em><\/strong><\/p>\n winning claim at the Dutch Court of Justice in the Netherlands to sign the Release Order and the clearance papers that will enable the MR.CURTIS LUCAS Wot, no street name and postal district?<\/em><\/strong><\/p>\n TELEPHONE: +31-622851045 fsmail.net – hang on, a consulting agency, I think not!<\/em><\/strong><\/p>\n Conclusively,vernus Millionaire Lotto is not a scam organization therefore this mail should not be treated as a scam scheme or be That’ll be right. Not a scam, not to be treated as a scam scheme…yeah yeah. Pull the other one, it has got bells on.<\/em><\/strong><\/p>\n Remember that all prize money must be claimed not later than 7 working days. After the last day, all funds will be returned as unclaimed. Sincerely, This mail was sended <\/strong>with unregistered <\/strong>version of Zmei Mail Sender.Visit http:\/\/www.zmei-soft.com for free download of Zmei Mail<\/p>\n “Sended” – wrong tense, another giveaway!<\/strong><\/em><\/p>\n Unregistered? What? A huge commercial lottery outfit like this? Surely they would have their own domain and their own e-mail software. More evidence.<\/em><\/strong><\/p>\n Sender.<\/rmoore><\/p><\/blockquote>\n If you receive an e-mail with any of these characteristics, I suggest you delete it without so much as a second glance (I take no responsibility if you delete a legit lottery winning notification!) <\/p>\n Better still, I can recommend a program that can weed out such spam and prevent it from getting into your mailbox in the first place: check out MailWasher Pro<\/a>. It “sits ahead” of your e-mail client (application) and uses known databases of spam to intelligently mark incoming e-mail as either legit or possible spam: it’s a boon if you’re still on dial-up.<\/p>\n Technorati Tags: MailWasher<\/a>, MailWasher Pro<\/a>, spam<\/a>, recognising spam<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" It never ceases to amaze me what spammers think other folks will fall for…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[102,103,104],"class_list":["post-123","post","type-post","status-publish","format-standard","hentry","category-general","tag-mailwasher","tag-mailwasher-pro","tag-spam"],"_links":{"self":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=123"}],"version-history":[{"count":0,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/123\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=123"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.craigmurphy.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}rmoore @lotto.nl<\/strong>> there’s a space after the ‘moore’ and before the ‘r’<\/em><\/strong>
\nReceived: from punt-3.mail.demon.net by mailstore
\n for
\n Mon, 22 Aug 2005 12:48:06 +0000
\nReceived: from [194.217.242.77] (helo=anchor-hub.mail.demon.net)
\n by punt-3.mail.demon.net with esmtp id 1E7Big-0000Uk-Lm
\n for
\nReceived: from [217.158.187.220] (helo=drake.uknoc.co.uk)
\n by anchor-hub.mail.demon.net with esmtp id 1E7Big-0002rC-Ik
\n for
\nReceived: from [84.246.8.20] (helo=rmoore@lotto.nl<\/strong>) no space<\/em><\/strong>
\n by drake.uknoc.co.uk with smtp (Exim 4.52)
\n id 1E7Big-00087e-RE
\n for
\nFrom: “Director Moore”
\nTo:
\nSubject: Congratulations: Vernus <\/strong>Millionaire Lotto winner !!! Sounds like a famous name UK-based gambling group…<\/em><\/strong>
\nMime-Version: 1.0
\nContent-Type: text\/plain; charset=”iso-8859-1″
\nDate: Mon, 22 Aug 2005 14:48:09
\nX-AntiAbuse: This header was added to track abuse, please include it with any abuse report
\nX-AntiAbuse: Primary Hostname – drake.uknoc.co.uk
\nX-AntiAbuse: Original Domain – scottishdevelopers.com
\nX-AntiAbuse: Originator\/Caller UID\/GID – [47 12] \/ [47 12]
\nX-AntiAbuse: Sender Address Domain – lotto.nl
\nX-Source:
\nX-Source-Args:
\nX-Source-Dir: <\/p>\n
\n23 RIJNWEGSTRAAT,
\nAMSTERDAM,NETHERLANDS <\/p>\n
\nSurely The Netherlands?<\/em><\/strong><\/p>\n
\nLNT456780909893 and drew the lucky numbers 4-10-12-55-25-87,batch number 4978\/NL and consequently won the lottery in the 1st category.
\nThis is a millennium scientific computer game in which email addresses were used and it is a promotional program aimed at encouraging
\ninternet users;so you do not need to buy a ticket to enter for our online lotto program. Note that this program was largely promoted
\nand sponsored by a group of philanthropist, industrialists from the internet ware industry and some other big multinational firms who
\nwish to be anonymous. Therefore,you<\/strong> have been approved for a lump sum amount of U.S <\/p>\n
\nis from the total prize money of $15,800,000 shared among the seventeen international winners in categories C with serial number:
\nIL\/PLW\/18-C0547671754.
\nThis email is not one of those numerous lotto email scams you might have received in the past which always require you to sign out a
\nblank cheque or give out your bank information in order to perpetrate their illicit lotto scams. <\/strong><\/p>\n
\nreal and legitimate and your exercising good faith in this our lottery program will enable us remit your winning funds to you in your
\npreferred mode of payment without any further delay. Therefore,to confirm the legitimacy of our lottery program, the below website <\/strong>is<\/p>\n
\npaying Creft Consulting Agency release your winning funds to you. But in case you cannot come to the Netherlands within the stipulated
\ntwo days,do inform your claim officer to make proper arrangement regarding your claim notarization. Once your claim is fully notarized
\nand a copy of the Notary receipt from the court is forwarded to us,we will provide you with your Award winning Certificate. Please for
\nmore information concerning the claim of your winning funds,we advise you to forward a confirmation email to your claim officer at the
\npaying Creft Consulting Agency and as well follow their claim instructions. Below is the contact details of your claim officer:<\/p>\n
\n(PAYMENT DIRECTOR)
\nCREFT CONSULTING AGENCY
\nAMSTERDAM,NL<\/strong><\/p>\n
\nEMAIL: snipped@fsmail.net <\/strong><\/p>\n
\ntaken for granted,we are backed up by the appropriate lottery law in the Netherlands and only the successful winners in this our
\nonline lotto program receive this congratulation mail and because you won that is why this mail is being directed to you. <\/strong><\/p>\n
\nCongratulations once again from our team of staff and thank you for being part of our promotional program.<\/p>\n
\nDirector
\nRita Moore
\n(Lottery Coordinator)<\/p>\n