I'm two degrees of separation from Muammar Gaddafi?

A couple of weeks ago I received an email supposedly from Aisha al Gaddafi, the daughter of Muammar Gaddafi.  I'll spare you the tale of woe about her fleeing Libya, but as you can guess it is really a plea that I help her get access to "Thirty Million Great Britain Pounds Sterling" in Barclays Bank London by transferring it to my account.

I'm supposed to "keep this conversation and business between you and I confidential for security and success".  However "I" includes me and "undisclosed-recipients".  I wonder how many people this group includes.

Needless to say, I'll forward this email to the Anti-Phishing Working Group .  I hope many others have already forwarded this, but I could be the first.

Phishers are phools, but the phished are bigger phools

Most of us have heard that phishing and other scams are big business.  Given many of the errors of grammar, errors of spelling, and so on, it is hard to believe that enough people take them seriously.

I just started getting phrench phishing, and I think it is because at least one of two French speakers I've recently exchanged email with have had their address books hacked.

Even though I generally recognize spam from just the title or sender, I often take a peek at the contents.  I was surprised to see that one email supposedly in French may have had a Russian sender; it had securitй instead of sécurité!!

P.S. I did a search on securitй and got 598 hits.  It seems to be common usage in Russian to use this blended spelling of Latin and Cyrillic characters, both in a French context and a Russian context.

Report spoof email as often as you can

It seems that every day I get some spam that intimates that it is from a major corporation and that my account has been compromised. I report almost every one of these to the spoofed corporation (if I've found an email address for such) as well as to the Federal Trade Commission (spam@uce.gov) and the Anti-Phishing Working Group (reportphishing@antiphishing.org).

Sometimes it is hard to find an email address for a spoofed company. Somewhere on a home page or a help page you might find a link to spam, spoof, phishing, fraud, or security.

You might think that it is a bit of work to report spoofing, but consider it like calling the police when you see suspicious activity around a neighbor's house. Consider also this statement that I received from PayPal after reporting a phishing message:

Every email counts. When you forward suspicious-looking emails to
spoof@paypal.com, you help keep yourself and others safe from identity
theft.

See also my blog entry Phishing against which bank this week?

Spam or legit?

I received an eCard from Blue Mountain but no sender name in the subject. I think that Blue Mountain is a legitimate company, but when I looked at the source of the message, I didn't find any name that I recognized.

If it was your card, I'm sorry that I deleted it. If it was really a spam message, then I did the right thing.

I'm not transitioning, prioritizing, or strategizing with neologisms

As you know, I'm not the world's best writer and I don't always write clearly. But I have been jolted by grandiose words that could be replaced with simpler words or more elegant phrases.

When I have time, I report phishing emails to the appropriate authorities. Today's phishing email purported to over four million dollars in accrued interest for me at Abbey Bank in London.

I tracked down Abbey Bank's web site and found the page on reporting spam. It said that one should send details to phishing@abbey.com and then followed it with

The emails are then made available to our colleagues who liaise with the various law enforcement agencies and ISP's.

Argh! Can't their colleagues work or co-operate with law enforcement and ISPs?

An offensive against spammers or a counter-attack by spammers?

Twice early this morning I was sent "Warning: could not send message for past 4 hours". It was in response to two of the three messages I sent yesterday to PayPal and two banks about phishing with a copy to FTC Spoof .

Either the FTC was overwhelmed with forwarded spam or spammers tried a denial-of-service attack last night. Let's hope it's the former, which is bad enough. Let's also hope that the authorities are finding lots of these crooks and putting them out of business. I saw an estimate that over a third of the Internet traffic is spam!!

See also "Phishing against which bank this week?"

What gives with spammers this week?

I haven't seen as much spam ever as this week. At six in the evening I already have 23 spams for watches, losing weight, sexual dysfunction, and stock tips. The Russian spam has gone down considerably. I got the first in days: something about filtering internet ads, I think. I haven't gotten any Turkish spam for awhile.

I have been passing on phishing spam to the spoofed companies, even if I don't do business with them. I figure it's my little bit to put a stop to these criminals. If you go to the legitimate site for a spoofed company, you may be able to find something about their spoof policies. Either forward the spam or include it an attachment.

Three I know about are

spoof@paypal.com
abuse@bankofamerica.com
abuse@USAA.com

May you never need to use these addresses.

Netting phishers

I received an email today that claimed my Bank of America card had been deactivated. Strange, I don't have a Bank of America card.

I didn't open the email but I looked at its source. Sure enough, a look-alike URL was used for the link to "verify" my data.

Often I don't bother with reporting fraud to companies that I don't do business with. On the other hand, the more of us who report fraud, the tougher it will get for the bad guys.

I had checked Bank of America's web site once before but hadn't found any fraud report link. I checked today, started with "Contact us", and a couple of pages later found a "Report Fraud" item. It said that fraudulent email should be forwarded to abuse@bankofamerica.com. I did so and deleted the fraudulent email.

The most active tracker of fraudulent email that I know is PayPal. If you get suspicious email supposedly from PayPal, forward it to spoof@paypal.com.

It may take you only a few minutes to report fraud, but you may save many other people years of grief.