Author: Olly

  • Debit Note [40822] information attached to this email | SCAM – VIRUS – DODGY EMAIL

    These seem to be flooding in recently, not sure how or why I’ve started to get so many – maybe some of my scam-baiting has got me on some “To scam” lists 🙂 It’s also worrying that many of them are not being blocked by Google and they are actually ending up in my Gmail inbox.

    Anyway, the format of this recent batch has been similar: some kind of finance-related email that will almost always entice you to open the attachment. Please don’t, especially in Microsoft Word, as Word documents can contain macros, and macros are basically mini executable scripts that can do nasty stuff to your computer, or get other things to do it.

    This one was from Terri Tyler <Sean.33@sec-pc.skbroadband>

    Attachment filename: 39533803.doc


    Gmail creates a thumb of the document if it can, and you can actually see this one is full of crap – looks like code but I’ve not opened it as the macros are usually behind passwords and I haven’t got time to decrypt them so it would be pointless.

    Don’t open any attachment from any person that you don’t know or that you cannot confirm is a genuine person/organisation.

    No genuine company would send an invoice or “Debit note” in a blank email from a mismatched name & email.

    Mark the email as Spam so your email provider’s spam filters can learn and block the email from reaching other people.

  • Invoice ID:48cac1753 in attachment | SCAM – VIRUS

    Seem to be getting a lot of these recently – they are slipping through the Gmail spam filters and Gmail doesn’t instantly pick up they are dodgy. After a while it marks the attachment as a virus but not straight away.

    If you’re ever unsure what to do or if things like this are real, then try to open it in Google Docs – don’t download it and open it in Word.


    Email from Laurel Barry – Porfirio.51@ususmal.net

    If you receive something in your inbox and are not sure about it, send it to me and I will be happy to take a look and advise you from there 🙂

  • Outstanding Invoice SCAM

    A friend of mine forwarded me an email that he had identified as a scam. It contained a brief message and a Word document attachment. Let’s take a closer look:

    From: “Jerry Donovan” <Kristina.a51@motogalos.pt>
    Date: 16 Mar 2015 14:38
    Subject: Outstanding invoices – 563339 January
    To: “chris” <chris@btinterwebs.com>
    Cc:

    Dear Sirs,

    Kindly find attached our reminder and copy of the relevant invoices.
    Looking forward to receive your prompt payment and thank you in advance.

    Kind regards
    Jerry Donovan

    So receiving some email about an outstanding invoice isn’t anything out of the ordinary, it’s all spelled correctly and ‘Jerry Donovan’ sounds trustworthy, right?

    Hmm – the first thing I noticed was the email address. Surely a legitimate email would be jerry.donovan@something.com? This guy seems to be Kristina.a51@motogalos.pt? That’s not very professional?

    I also opened the attached file; if Gmail allowed it to arrive in my inbox then it didn’t contain a virus.

    563339.doc

    It was a blank Word document with some macros (which are like mini programs) embedded into it; they were supposed to run when I opened the file. I tried to edit the macros to see what they did but it was all passworded, tried to crack the password but it didn’t work first time and I’m far too busy to sit doing that all night 🙂

    My version of Word completely disabled the macros as it opened the file so no harm done. Older versions of Word may not do this, or if you open it in something else you may find you have problems.

    The whole point of this is to make you think “Wait, what invoice?”, then see it’s only a harmless Word document, so you open the file and boom, whatever the macro ‘virus’ was designed to do has just been done.

    It could probably trigger a file download from somewhere, or reset/steal/wipe certain information from your computer. Yes, even Word documents can be dangerous.

    Macro viruses are fairly uncommon now; they were big back in the day but things have moved on a lot. I guess people have forgotten about them as “It’s only a Word document!?”… Yeah well, a simple Word doc infected 20% of computers worldwide back in 1999.

    You’ll never look at a .doc file the same again 🙂

    Thanks for the submission, Chris!

    If you receive something that looks dodgy, then please forward it to scams@0lly.uk or use the form I’ve set up and I’ll check it out for you 🙂
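
The mismatched name and address check used in these posts, combined with the attachment type, as an added example that is not part of the original posts. The function names, the extension list and the `supplier.example` control message are assumptions made for illustration; the other sample values are the ones quoted above.

```python
import os
import re
from email.utils import parseaddr

# Word formats that can carry VBA macros (.docx cannot).
MACRO_CAPABLE = {".doc", ".docm", ".dot", ".dotm"}

# (From header, attachment name). The first two pairs are quoted in the posts
# above; the third is a constructed control that should raise no warnings.
SAMPLES = [
    ('Terri Tyler <Sean.33@sec-pc.skbroadband>', "39533803.doc"),
    ('"Jerry Donovan" <Kristina.a51@motogalos.pt>', "563339.doc"),
    ('"Jerry Donovan" <jerry.donovan@supplier.example>', "invoice.pdf"),
]


def name_words(display_name):
    """Alphabetic words of 3+ letters from the display name, lower-cased."""
    return [w for w in re.findall(r"[a-z]+", display_name.lower()) if len(w) >= 3]


def sender_mismatch(from_header):
    """True when no word of the display name occurs anywhere in the address."""
    display, address = parseaddr(from_header)
    words = name_words(display)
    if not words or "@" not in address:
        return False  # no display name or no address: nothing to compare
    return not any(w in address.lower() for w in words)


def triage(from_header, attachment):
    """Return the list of warning signs found for one message."""
    reasons = []
    if sender_mismatch(from_header):
        reasons.append("display name does not match address")
    ext = os.path.splitext(attachment or "")[1].lower()
    if ext in MACRO_CAPABLE:
        reasons.append("macro-capable attachment " + ext)
    return reasons


if __name__ == "__main__":
    for header, attachment in SAMPLES:
        print(header, "->", triage(header, attachment) or "no warning signs")
```

A mismatch is only a warning sign: the display name and the address are both chosen by the sender, so a matching pair does not show that a message is genuine.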

  • YOU WON! – SCAM – Lotto Sizzler International Annual Promotional Draw Word Attachment Scam

    Had so many fun things through on my email recently, it’s like they want to be published ahah 🙂


    It seems the current trend is to keep the email basic so as to not trip the spam filters, but then whack a document or follow-up email with the meaty goodness in – this is what the email attachment said:

    From: Ms. Patricia Atkins
    Canada- Lotto Sizzler International Annual Promotional Draw
    1550 Princess Street
    Kingston. ON. Canada. KTM 9E3
    Attention: Customer AFRSABBO
    Ticket Number: B95647-5804545100
    Ref: EAAL/851OYHI/05
    Batch No. Lotto 6/49

    Wow that is a lot of initial mumbo jumbo, maybe this is finally a real one??!?

    Congratulations to you as we bring to your notice, the results of the First Category draws of E-MAIL LOTTERY organized by the Canadian and South Africa Governments. in conjunction with Lotto Sizzler international Annual Promotional Draw.

    Umm, what? That all just reads terribly and has far too many people/things involved for my liking… something smells fishy!

    We are happy to inform you that your valid e-mail address attached to Ticket Number B9564 75604545 100 with Serial Number S/N-00168, drew the Winning Numbers: 12 13 21 26 41, with hot ball #3, Have emerged a winner of a total sum of US$920,000.00 (Nine Hundred and Twenty thousand United States Dollars) in cash credited to file MSW-l/9080118308/05. this is from a total cash prize of US $11.100,000.00 Million dollars. shared amongst the first One Hundred and-ten (110) lucky winners in this category Worldwide.

    POW, all the numbers! Trying to blow me over with big official-looking reference numbers and large amounts of money. If you actually read it though, it’s a mishmash of crap that doesn’t even make sense.

    Our Africa agent will immediately commence the process to facilitate the release of your funds as soon as you contact our Agent’s office. All participants were selected randomly from World Wide Web site through computer draws system and extracted from over 10,000.00 companies and personal e-malls.

    I wish they would get someone to proofread these things first, they may stand half a chance then! “Computer draws system” eh?

    For security reasons. you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize.

    Again, a proofreader would go a long way here.

    This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program by unscrupulous elements.

    Oh of course – I should have this opportunity only as I entered the lottery they’re talking about… oh hang on… no.. no I didn’t haha

    To file for your claim, please fill the form below and send it to our corresponding payment agent in South Africa who will handle your winnings processing for quick and urgent release of your fund to you.

    Contact information ls as follows:

    Representative Head office in Africa
    Address: 28 Rivonia Road, Johannesburg South Attica

    MANAGER: GRAPHIC TRUST AGENCY
    Contact Person: Mr. Kevin Victor
    Tel: -i-27719923208
    Contact E-mall: lnfo.graphictrustagentb@gmall.com

    [Name & Address fields for you to fill out]

    Looks reet official, that! You’re telling me that an official, international lottery fund is being managed by someone with info.graphicstrustagentb@gmail.com as an email address? Are you for real? Hahaha

    Congratulations once again! From the Staffs & Members of the Canadian Lottery Board Commission

    Yours Sincerely,
    Ms. Patricia Atkins (Sec. Zonal Co-coordinator.)

    Thanks, Patricia – you’re so generous haha

    NOTE: to confirm that you have the correct winning numbers for the Wed, 2/11/2015, do confirm under, http://www.powerball.com/hotlotto/hl_numbers.asp

    I visited the URL (it seems to be safe) but it is some spoofy lottery page; the main URL looks to be an actual lottery website so I’m wondering if they’ve been hacked.

    I have forwarded the email onto them.

    All in all, fairly standard stuff – I have emailed the person back to see what their reply is, and will update the post if they get back to me.


    The email referenced in the attachment bounced unfortunately 🙁


    Looks like their account has been deleted or it was listed in the attachment incorrectly.

    I’ll keep you all posted 🙂

    Remember peeps, if it looks too good to be true, it will be.