Category: Scams

Outstanding Invoice SCAM

A friend of mine forwarded me an email that he had identified as a scam. It contained a brief message and a word document attachment, lets take a closer look;

From: “Jerry Donovan” <Kristina.a51@motogalos.pt>
Date: 16 Mar 2015 14:38
Subject: Outstanding invoices – 563339 January
To: “chris” <chris@btinterwebs.com>
Cc:

Dear Sirs,

Kindly find attached our reminder and copy of the relevant invoices.
Looking forward to receive your prompt payment and thank you in advance.

Kind regards
Jerry Donovan

So receiving some email about an outstanding invoice isn’t anything out the ordinary, it’s all spelled correctly and ‘Jerry Donovan’ sounds trustworthy, right?

Hmm – the first thing I noticed was the email address. Surely a legitimate email would be jerry.donovan@something.com? This guys seems to be Kristina.a51@motogalos.pt? Thats not very professional?

I also opened the attached file, if gmail allowed it to arrive in my inbox then it didn’t contain a virus.

It was a blank word document with some macros (which are like mini programs) embedded into it, they were supposed to run when I opened the file. I tried to edit the macros to see what they did but it was all passworded, tried to crack the password but it didnt work first time and i’m far too busy to sit doing that all night 🙂

My version of Word completely disabled the macros as it opened the file so no harm done. Older versions of Word may not do this, or if you open it in something else you may find you have problems.

The whole point of this is to make you think “Wait, what invoice?” then see its only a harmless word document so you open the file and boom, whatever the macro ‘virus’ was designed to do has just been done.

It could probably trigger a file download from somewhere, or reset/steal/wipe certain information from your computer. Yes, even Word documents can be dangerous.

Macro viruses are fairly uncommon now, they were big back in the day but things have moved on a lot now. I guess people have forgotten about them as “Its only a word document!?”… Yeah well a simple Word doc infected 20% of computers worldwide back in 1999.

You’ll never look at a .doc file the same again 🙂

Thanks for the submission, Chris!

If you receive something that looks dodgy, the please forward it to scams@0lly.uk or use the form i’ve set-up and i’ll check it out for you 🙂

17 March 2015
YOU WON! – SCAM – Lotto Sizzler International Annual Promotional Draw Word Attachment Scam

Had so many fun things through on my email recently, Its like they want to be published ahah 🙂

It seems the current trend is to keep the email basic so as to not trip the spam filters, but then whack a document or followup email with the meaty goodness in – this is what the email attachment said;

From: Ms. Patricia Atkins
Canada- Lotto Sizzler International Annual Promotional Draw
1550 Princess Street
Kingston. ON. Canada. KTM 9E3
Attention: Customer AFRSABBO
Ticket Number: B95647-5804545100
Ref: EAAL/851OYHI/05
Batch No. Lotto 6/49

Wow that is a lot of initial mumbo jumbo, maybe this is finally a real one??!?

Congratulations to you as we bring to your notice, the results of the First Category draws of E-MAIL LOTTERY organized by the Canadian and South Africa Governments. in conjunction with Lotto Sizzler international Annual Promotional Draw.

Umm, what? That all just reads terribly and has far too many people/things involved for my liking… something smells fishy!

We are happy to inform you that your valid e-mail address attached to Ticket Number B9564 75604545 100 with Serial Number S/N-00168, drew the Winning Numbers: 12 13 21 26 41, with hot ball #3, Have emerged a winner of a total sum of US$920,000.00 (Nine Hundred and Twenty thousand United States Dollars) in cash credited to file MSW-l/9080118308/05. this is from a total cash prize of US $11.100,000.00 Million dollars. shared amongst the first One Hundred and-ten (110) lucky winners in this category Worldwide.

POW, all the numbers! Trying to blow me over with big official looking reference numbers and large amounts of money. If you actually read it though its a mish mash of crap that doesn’t even make sense.

Our Africa agent will immediately commence the process to facilitate the release of your funds as soon as you contact our Agent’s office. All participants were selected randomly from World Wide Web site through computer draws system and extracted from over 10,000.00 companies and personal e-malls.

I wish they would get someone to proofread these things first, they may stand half a chance then! “Computer draws system” eh?

For security reasons. you are advised to keep your winning information confidential till your claims is processed and your money remitted to you in whatever manner you deem fit to claim your prize.

Again, a proofreader would go a long way here.

This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program by unscrupulous elements.

Oh of course – I should have this opportunity only as I entered the lottery they’re talking about… oh hang on… no.. no I didnt haha

To file for your claim, please fill the form below and send it to our corresponding payment agent in South Africa who will handle your winnings processing for quick and urgent release of your fund to you.

Contact information ls as follows:

Representative Head office in Africa
Address: 28 Rivonia Road, Johannesburg South Attica

MANAGER: GRAPHIC TRUST AGENCY
Contact Person: Mr. Kevin Victor
Tel: -i-27719923208
Contact E-mall: lnfo.graphictrustagentb@gmall.com

[Name & Address fields for you to fill out]

Looks reet official, that! You’re telling me that an official, international lottery fund is being managed by someone with info.graphicstrustagentb@gmail.com as an email address? Are you for real? Hahaha

Congratulations once again! From the Staffs & Members of the Canadian Lottery Board Commission

Yours Sincerely,
Ms. Patricia Atkins (Sec. Zonal Co-coordinator.)

Thanks, Patricia – you’re so generous haha

NOTE: to confirm that you have the correct winning numbers for the Wed, 2/11/2015, do confirm under, http://www.powerball.com/hotlotto/hl_numbers.asp

I visited the URL (it seems to be safe) but it is some spoofy lottery page, the main URL looks to be an actual lottery website so im wondering if they’ve been hacked.

I have forwarded the email onto them.

All in all, fairly standard stuff – I have emailed the person back to see what their reply is, and will update the post if they get back to me.

The email referenced in the attachment bounced unfortunately 🙁

Looks like their account has been deleted or it was listed in the attachment incorrectly.

I’ll keep you all posted 🙂

Remember peeps, If it looks too good to be true, it will be.

5 March 2015
New 419 Scam – Jing.Kang@mris.com

I recieved this today;

That was it! No long email (no email at all actually) no “bla bla geef me the monies” just quite simply, nothing! The email header looked like this;

from: jing.kang@mris.com

to: info@live.com

date: 5 March 2015 at 10:34

subject: I pick you for a project..send REPLY

mailed-by: mris.com

So me being me, hoping it would turn into a bit of Thursday comedy gold, I sent a brilliantly worded reply back to them;

And low and behold, BAM right in the kisser;

Catarina Henderson <catarina.henderson@outlook.com>

Good day

This is my personal reference number law/chamber/solicitors/je/rs/WILL/928473012 and My Name is Mrs Catarina Henderson. please send this to my attorney with the contact information below – he would provide all information to you.

Ooo sounds official :/

Due to my Sickness, i have been touched by God and want my WILL to be donated to you rather than allow my relatives to use my Late husband hard earned funds ungodly.

Ok, key parts here are this person is ill, they’ve mentioned god and they’ve implanted the idea of someone’s life savings being wasted in my head. An attempt to tug on the heart strings a bit and make any decent person feel a bit uncomfortable and sorry for this person.

My doctor told me that I have limited days to live due to the cancerous problems I am suffering from as I will be going in for an operation later today. What bothers me most is the stroke that I have in addition to the cancer.

Now they mention a few horrible things that everyone can relate to, again, a weak attempt to make you feel sorry for this person and make you empathise with them which starts to make them “real”.

With this hard reality that has befallen my family and me I have decided to donate this fund to you and want you to use this gift which comes from my Late husbands effort to fund the upkeep of widows, widowers, orphans, destitute, the down- trodden, physically challenged children, barren-women and persons who prove to be genuinely handicapped financially.

LOL – why dont you try and fit in a few more things in there – there are so many “key phrases” in that they are guaranteed to trigger a reaction in almost everybody. Its all obviously a fake, but if it was your second day using the internet and you saw all this….?

I am currently sending you this mail from my sick bed in the hospital, I do not need any telephone communication in this regard due to my deteriorating health and because of the presence of my Late husbands relatives around me. I do not want them to know about this development.

Convenient.

With God all things are possible. I believe in Charity and I believe your faith is guarantee for me to trust you. Contact on the Attorney Kennedy Email: (legalconsultantkennedy@live.co.uk) I sold my Inherited All belongings and deposited the sum of All $ 5.2 million dollars with A Security Company. I am diagnosed of cancer and have a time limit to live on this planet.

Oh wow, if I had believed them up to this point, I’d have just peed a little bit. Wham bam, $5.2 million bucks in the bag…. And no ask for bank details, or anything else you normally get in these kind of situations… This is an interesting development, they seem to be spreading the scam out a bit rather than just hitting me straight with the obvious stuff. How exciting 🙂

As for how I got your email, it was gotten after a proper search via your area zip code with the help of the lord leading me. At the moment I cannot take any telephone calls right now and my Doctor knows i have changed my Will.Lord will Bless you Abundantly as you extend the good works to others and Ensure to use a greater portion of the funds for its purpose in fulfillment of my last wish .. My contact on the Attorney Email – legalconsultantkennedy@live.co.uk

Defintly trying to get me to contact Attorney Kennedy here – who must be extermely professional with a @live.co.uk email address. Take note business owners, get your own domain! 🙂

Sincerely,

Mrs Catarina Henderson

So, I sent them this;

I shall update this when they reply 🙂

5 March 2015
SCAM – Unable to deliver your item, #000552451 – FedEx Ground FAKE
Had a funny email from some n00b scam merchant;

From: FedEx Ground <alvin.bowers@em021.cside.jp>
Date: 27 February 2015 at 15:46
Subject: Unable to deliver your item, #000552451
To: my@email.address

Dear Customer,

Your parcel has arrived at February 26. Courier was unable to deliver the parcel to you.

Delivery Label is attached to this email.

Yours sincerely,
Alvin Bowers,
Station Manager.

(C) 2014 FedEx. All rights reserved.

To say these people are trying to blag me, they aren’t exactly doing a very good job of it.
- Why would the person emailing me about a parcel have a japanese email address?
- I sure FedEx would send me more than a basic text email with an incorrect date copyright notice in the footer?!
- The attachment was a zip file!
These kind of emails aren’t the fun ones that you can reply to and “bait” for a few weeks, these are the kind that just want you to open the zip file, and get infected with a virus so they can turn your PC into a zombie or something.

Be careful peeps – never open zip file attachments from anyone – even trusted sources!

If you need to send a legitimate file and it is an executable file or an archive, send it via something like Dropbox as they only allow you to upload and share safe stuff, meaning the person receiving can be confident enough to download and open it.
4 March 2015