1. I know this is spam
2. I know the kind of folks who this is targeted at
Anyway, a lot of folks have asked me “how do I know if something is dodgy?” It can be a difficult question to answer as a lot of IT “things” are intuitive, it’s obvious. But end users (friends too) don’t want to hear that, they want to know what they can look out for.
Sometimes it’s easy, sometimes end users (and friends) visit dodgy sites, downloading toolbars on they way. Here’s a tip, if a web-site opens a pop-up window and offers you a great new search toolbar, ignore it, click on the red close icon in the top left of the pop-up (or, better still, shut the machine down). The same goes for anything that offers to rid your machine of adware, spyware or other such nasties: it’s very likely that your machine was relatively free from such things…until you click “yes, please scan my computer for adware, etc.”
I’m working on a rather lengthy article/blog posting that covers my suggested security tips, but to keep my writer’s block from setting it, I thought I’d push this out now.
Here’s a typical example of a dodgy e-mail…my comments are in bold italic…they should be enough to get you started.
rmoore @lotto.nl> there’s a space after the ‘moore’ and before the ‘r’
Received: from punt-3.mail.demon.net by mailstore
for id 1E7Big-0000Uk-Lm;
Mon, 22 Aug 2005 12:48:06 +0000
Received: from [184.108.40.206] (helo=anchor-hub.mail.demon.net)
by punt-3.mail.demon.net with esmtp id 1E7Big-0000Uk-Lm
for ; Mon, 22 Aug 2005 12:48:06 +0000
Received: from [220.127.116.11] (helo=drake.uknoc.co.uk)
by anchor-hub.mail.demon.net with esmtp id 1E7Big-0002rC-Ik
for ; Mon, 22 Aug 2005 12:48:06 +0000
Received: from [18.104.22.168] (firstname.lastname@example.org) no space
by drake.uknoc.co.uk with smtp (Exim 4.52)
for ; Mon, 22 Aug 2005 13:48:07 +0100
From: “Director Moore”
Subject: Congratulations: Vernus Millionaire Lotto winner !!! Sounds like a famous name UK-based gambling group…
Content-Type: text/plain; charset=”iso-8859-1″
Date: Mon, 22 Aug 2005 14:48:09
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – drake.uknoc.co.uk
X-AntiAbuse: Original Domain – scottishdevelopers.com
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – lotto.nl
VERNUS MILLIONAIRE LOTTO
TO WINNERS IN OUR PROGRAM PROGRAM? Surely PROGRAMME?
This is Mrs Rita Moore the Director of vernus Millionaire Lotto in the NETHERLANDS. Vernus Millionaire Lotto is an independent lotto
Suddenly, vernus is lower-case, previously it was sentence-case
Surely The Netherlands?
organization in the Netherlands that is conducting several online lotto programs on the internet. However,we wish to congratulate you
it’s organisation here in Europe, thank you
over your success in our computer balloting sweepstake held on 20th August,2005 in which your email address attached to ticket number
LNT456780909893 and drew the lucky numbers 4-10-12-55-25-87,batch number 4978/NL and consequently won the lottery in the 1st category.
This is a millennium scientific computer game in which email addresses were used and it is a promotional program aimed at encouraging
internet users;so you do not need to buy a ticket to enter for our online lotto program. Note that this program was largely promoted
and sponsored by a group of philanthropist, industrialists from the internet ware industry and some other big multinational firms who
wish to be anonymous. Therefore,you have been approved for a lump sum amount of U.S
Throughout this e-mail, there is no space after each comma: there should be! If this was legit, the use of language would be spot on.
$1million dollars credited as Bond into your security file LOTTERY REF NUMBER Amt/nt/423275/01 with our security agent. This amount
is from the total prize money of $15,800,000 shared among the seventeen international winners in categories C with serial number:
This email is not one of those numerous lotto email scams you might have received in the past which always require you to sign out a
blank cheque or give out your bank information in order to perpetrate their illicit lotto scams.
The give-away. If you believe this, please cut up your credit cards now!
Please note that this winning is very
real and legitimate and your exercising good faith in this our lottery program will enable us remit your winning funds to you in your
preferred mode of payment without any further delay. Therefore,to confirm the legitimacy of our lottery program, the below website is
The Dutch speak and write better English than some of us…
one of the websites we are running over the internet concerning our lottery programs in the Netherlands.
However,to begin your claim,being non-netherlands resident or citizen,you are required within two days to officially notarize your
uh oh, you want me to go to The Netherlands in person? Surely you’ll just bash me over the head with a baseball bat, take my passport, my Euros, my cards, etc. and leave me with nothing but a sore head?
winning claim at the Dutch Court of Justice in the Netherlands to sign the Release Order and the clearance papers that will enable the
paying Creft Consulting Agency release your winning funds to you. But in case you cannot come to the Netherlands within the stipulated
two days,do inform your claim officer to make proper arrangement regarding your claim notarization. Once your claim is fully notarized
and a copy of the Notary receipt from the court is forwarded to us,we will provide you with your Award winning Certificate. Please for
more information concerning the claim of your winning funds,we advise you to forward a confirmation email to your claim officer at the
paying Creft Consulting Agency and as well follow their claim instructions. Below is the contact details of your claim officer:
CREFT CONSULTING AGENCY
Wot, no street name and postal district?
fsmail.net – hang on, a consulting agency, I think not!
Conclusively,vernus Millionaire Lotto is not a scam organization therefore this mail should not be treated as a scam scheme or be
taken for granted,we are backed up by the appropriate lottery law in the Netherlands and only the successful winners in this our
online lotto program receive this congratulation mail and because you won that is why this mail is being directed to you.
That’ll be right. Not a scam, not to be treated as a scam scheme…yeah yeah. Pull the other one, it has got bells on.
Remember that all prize money must be claimed not later than 7 working days. After the last day, all funds will be returned as unclaimed.
Congratulations once again from our team of staff and thank you for being part of our promotional program.
This mail was sended with unregistered version of Zmei Mail Sender.Visit http://www.zmei-soft.com for free download of Zmei Mail
“Sended” – wrong tense, another giveaway!
Unregistered? What? A huge commercial lottery outfit like this? Surely they would have their own domain and their own e-mail software. More evidence.
If you receive an e-mail with any of these characteristics, I suggest you delete it without so much as a second glance (I take no responsibility if you delete a legit lottery winning notification!)
Better still, I can recommend a program that can weed out such spam and prevent it from getting into your mailbox in the first place: check out MailWasher Pro. It “sits ahead” of your e-mail client (application) and uses known databases of spam to intelligently mark incoming e-mail as either legit or possible spam: it’s a boon if you’re still on dial-up.
Technorati Tags: MailWasher, MailWasher Pro, spam, recognising spam