Scanning through y spam folder, as you do, and spotted this gem. I dont have an earlier email from the guy, perhaps there wasnt one – but the format of this 419 email scam is a bit different and I wanted to share it with you.

from: Angelo Pietrobelli mmjanee1@gmail.com
reply-to: Angelo Pietrobelli mrpatrickcollins@torzsasztal.hu

This is my second time I am sending you this notification, simple
contact Patrick Collins on his email address
mrpatrickcollins@yahoo.com with your contact information

1.
Name,
2. Address,
3. Phone number,
4. Age,
5. Occupation

and your nearest airport to land, so that he can deliver the Atm worth
$5.5 Million as he just landed in your country now but misplaced your
information, he will give you more details when you re-confirm
details.
Your personal code is XLA21492014SD use this code to the diplomat
Patrick Collins , so that he can know that you are the rightful owner
of the Card.

Best regard

Angelo Pietrobelli

The endgame for these people is the same, but their approach has been updated. Trying to trick busy people who feel something may have been sent to them in error. Doucheburgers.

Also notice the reply to is different from the sender address, and then the email referenced int he email body is also different – confusing! And very sloppy!

If it seems too good to be true, it probably is.

Stay ScamWise!

Well, well, well. I got an email from a group of friends that I have formed, who have all been scammed by the infamous Stuart Paskin. The email was telling me about his latest incarnation of website, www.MaisonBianco.com.  It basically means the white house – wonder where that name came from? :/

NOTE: To anyone unfamiliar with this cretin, I blogged about him here and about his company here.

Annnnywayyyyy…. It seems Stuart Paskin is at it again and has closed “The White Tent” down in favour of a more posh brand called “Maison Bianco” which is the same name, just in Italian.

The site is actually really nice, I mean, its theme based but its been put together by someone that knows what they are doing – which in fact saddens me even more. As this professional has no doubt been screwed over by Stuart Paskin aka  Lux Level Ltd AKA 77 Interiors Ltd (Company number 07967774)  to the sum of thousands. Just like we did, and just like the 10+ other digital agencies did – of which we are in contact with them all.

Stopping the Scammers

We’re working on finding out who is “working” for him at the moment, and I of course use that term loosely as working for someone usually means you get PAID and this asshat doesn’t pay anyone. When we do find out, we’ll ensure they know the facts and let them make their mind up about whether or not to keep working for them.

If you are a victim of these scammy b@stards then please contact me and tell your story. We have a group of others who are all victims and we can add you into that group so you can join the discussion.

And Stuart – if you are reading this, the net is closing in around you. Give up now before an army of pissed off digital agency owners find you and get their revenge.

Bianco Maison

Maison Bianco

Mr S. S, I hear you’re no longer working with Paskin. I’d love a chat. Email me 🙂 

A customer recently forwarded this to me in a bit of a panic, he uses iTunes and this email really stopped him in his tracks… here is how it looks;

I am not an Apple user, so to me this looks as legit as I would expect. The “To Cancel Transaction…” bit looks a bit out of place but it wouldn’t really jump out at someone as being a red flag.

He forwarded it to me anyway, and the first thing I checked was the senders address;

The sender address is obviously wrong – it should be apple related at least.

The next thing to check would be any links in the email, DO NOT CLICK THEM but hover and look in the bottom right of your screen to see where they go;

Hmm, not sure that should be where a “Cancel subscription” link should go, do you? 🙂 Interestingly they’ve used the Myspace URL shortener so have either hacked that, or have hacked the place the short URL sent the user to?

I clicked it (safe, test environment) and the link forwards to a page that has been taken down. So there is zero risk with this thanks to someone giving the hacked end site a heads up. Great work whoever you are 🙂

All in all, a very convincing email and I dread to think how many novice iPhone users will have fallen for it before it got taken down 🙁

If you’re not sure if something is real, then forward it to iamolly@bigfoot.com and I will do my best to decipher it and I may blog about it too.

As always, stay safe peeps 🙂

Despite me going back to normal style blogging, I can’t help still being interested in attempted internet scams.

A customer at work has asked me for help as they spotted a phishing scam that used their domain name, and upon closer inspection I spotted something I had not seen before. Perhaps this scammers undoing!

I have changed the domain name to safeguard my customer.

The emails read like this;

Subject: Settle up this payment
Date: Mon, 21 May 2018 13:14:53 +0200
From: Kevin Playwright <kevin@playwright.me.uk>
Reply-To: Kevin Playwright <kevin@playwright.me.uk-c.co>
To: accounts@playwright.me.uk

I need you to process a faster payment for a new beneficiary, payee details attached.

I will send the documents once i’ll be at my desk.
Leave a reply once completed or in case you get any problem while setting it up.

Regards,
Kevin Playwright.

Sent from my iPhone

The email is flawed in a few ways, firstly there is no-one called Kevin in this organisation, and secondly, there is certainly no-one called Kevin who carries the surname which happens to be the same name as the organisation Kevin is supposed to be part of.

The next point which my customer didnt notice, was the reply-to address. As regular readers of my scam blogs will know, this is one of the first things I check as this often leads straight back to the crook!

Usually, if the reply-to address isn’t the same as the send address (IE email account fully hacked) then it will be completely different – but in this case it was a hybrid!

Let’s take a closer look at those email addresses.

kevin@playwright.me.uk <- Sending address
kevin@playwright.me.uk-c.co <- Reply-to address

Notice the bit at the end of the reply to address?

If we reverse that to make a domain name, the extension is .co and the bit before that, before the next dot is uk-c – which means that this email address is fake, but has been created to fool you into thinking you are replying to the original sender.

Their domain is: http://uk-c.co

If you visit it, you spot that its a mail server;

They can apply this scam to any UK email address;

test@domain.co.uk-c.co

It would be so easy to miss.

Be careful peeps, if something doesn’t feel right STOP and pick up the phone. Call the person who emailed you, call your IT mate, comment on one of my blogs – just dont brush it off as nothing.

Stay safe peeps.

PS I’ve reported them to ICANN hopefully they have their domain taken off them.