Category Archives: Fraud

Scam: “Edmond Homo Benjamin”

Posted on by The Old Wolf

OK, this one made me laugh.

Subject: Attn;My Dear,
From: “Mr. Jerry Moore.” <western.unionservice13@gmail.com>

To: undisclosed-recipients:;
Attn;My Dear,

I write to inform you that we already issued those documents to accompany your $5,000 payment each day. But the only problem we are having right here is your personal signatures which the Federal Administer of Fund Benin Republic requested that you must sign those documents before we can transfer funds to you. However, I told the officer in charge that it will not be necessary for you to come down here due to your occupation or some other thing that may not allow you to come down here to sign those documents yourself. The Minster Administrator of Fund said that you should get an attorney to sign on your behalf if you are unable to come down here in person.

I think this way is the best and the only way forward for you to receive the funds. I have negotiated with an attorney who would sign on your behalf. His name is Edmond Homo Benjamin. According to him you are to pay for the accredited attorney. He is charging $120.00 to be paid before he gets those documents signed in your favor. I told him to consider signing those documents on your behalf today with a promise that you would pay him back from the $5,000 payment you suppose to receive tomorrow morning if he gets those documents signed today.And his respond is that you have to pay the accredited attorney fee of $120.00 before signing those documents. Well, I asked him for the verylast time if he could allow you pay half of his fee today with a promise that you would pay him the Remain balance tomorrow from your $5,000 payment at the western union office once you pick up the $5,000 payment. Well, he said that you should pay the half of the fee $60.00 through western union today. He want me to ask you if you would be so kind to pay him back the remain $60.00 balance at the western union office once you picked up the $5,000 pay out each day. I am hereby this writing to ask you to let me know if you would pay his balance immediately you pick up the $5,000 payment.

He wants you to pay half of $60.00 today and pay the balance at the western union office once you picked up the $5,000 payment tomorrow.But if you are not kind enough to pay his balance after picking thefirst transfer just do not bother yourself not to reply because I won’t see another attorney here to do this. Here is information for you to pay $60.00 half of his fee through western union today.

Get back to us to give you name where to Send The half of the fee $60.00 today via western union money Transfer

RECEIVER NAME:….
COUNTRY:……..BENIN REPUBLIC
CITY:…………COTONOU
TEST QUESTION:..
TEST ANSWER:….
AMOUNT:….$60.00
MTCN………
The attorney will get those documents signed as soon as he confirms the half of his fee from you. I will advice you to pay him the half of $60.00 and let him sign the documents and you will then pay the other balance of $60.00 form your $5,000 payment.You are advice to reconfirm your contact address while sending the half payment to avoid mistakes on remitting your first payment. state your information as stated below.

Your name…….
Beneficiary country……..
Phone no…….
Address/city………
Age/sex…..
Occupation….
I await your compliance.
Sincerely,
Money Transfer Department
Mr. Jerry Moore.
TEL:+229-.9825 4024
Email:w.service12@yahoo.fr

Yas, well, you’ll be awaiting my compliance until Hell freezes over, Mr. Jerry Moore. These people are getting desperate – they only want $60.00 now, instead of hundreds or thousands. Naturally, if a victim bites, there will be “other fees” to be paid, ad infinitum.
It seems that these scams have recently shifted from Nigeria to Benin, or else the Nigerians are using Benin as a front to try to hide their identity.

Whatever the case, people, be careful out there. Nobody in Africa has any money for you, and NEVER SEND MONEY TO A STRANGER WITH WESTERN UNION OR MONEY CARDS.

The Old Wolf has spoken.

Global Travel Network in Salt Lake City: Avoid these ripsters like the plague.

Posted on by The Old Wolf

global 2

Around December 20th, I entered a drawing for a $2,500 mall shopping spree. Of course, I didn’t win – but what I got was a call from representatives at “Rewards Fulfillment,” letting me know “we had been selected” to receive a “luxury vacation.”

Well, I’ve written about this kind of scam before. This time, it was Global Travel Network. They called me, told me “I had been selected based on my demographic profile,” and all I had to do was go up to Salt Lake for a presentation and to collect my prize.

The musicians have changed, but the music remains the same.

I told them I was not interested, and why. Thank you for calling. Goodbye.

Were we done? Not by a long shot. These people or their contractors called me back five times more, each one giving the same spiel, and each one being given the same information from me: 1) I’m not interested. 2) This is the [n]th time I’ve been called. 3) please remove me from your database.

Today I got a call from a lady who acknowledged that I had told previous agents that I wasn’t interested. She launched into a sales pitch, saying she was from quality control and her job was to make sure that her agents were doing their job right. I explained to her Rule No. 1 of sales: “Never try to sell to someone who isn’t going to buy.” Yet she rattled on for 15 minutes, trying to get me to come in for a presentation that I wasn’t interested in (I was just waiting for a car to be repaired and had nothing else to do at the moment.) They must get paid based on how many people they sign up.

Talk about relentless and disrespectful. This outtfit is worse than a rogue debt collector, and there seems to be no way to get them to stop calling. Each call, for what it’s worth, has come from a different phone number.

Here are a couple of horror stories about Global Travel Network: This one and this one.

An investigative report from 9News in Denver give you a good look at how the scam works – apparently Global Travel Network is behind this as well, but in Denver they were representing themselves as Global Connections, and hijacking that company’s BBB rating. Nice and honest, huh? Global Travel Network is not accredited with the BBB; have a look at what the Better Business Bureau has to say about them as of 1/12/2015:

This company has a pattern of complaints alleging misrepresentation during initial contact with the representative as consumers allege being offered several different incentives for attending a presentation such as gas cards, cruises, round-trip airfare, free vacations, etc. with promise that nothing will be required out of pocket and there are no black-out dates or restrictions. Once consumers receive said incentives or attempt to book their vacation they find that what was initially promised to them is not what has been received. There are additional fees required or difficulty booking the vacation.

While the business has responded to the BBB’s concerns and stated all terms and conditions of the offers are disclosed and that additional training has been set in place to ensure that this no longer occurs, BBB has continued to receive complaints with the same underlying issue.

This is an excellent report, and worth watching and reading both. They give you an idea of how deep this deceptive pool of slime goes.

After having the police called on them, here’s the response 9News got from Global Travel Network:

Global

Would you do business with this company? Don’t.

The Old Wolf has spoken.

Let’s Clean Up Facebook in 2015: Hoaxes to Avoid

Posted on by The Old Wolf

I keep seeing them crop up on my wall. The Facebook Privacy notice. The “so-and-so is giving away a Maserati to a random user.” OMG you won’t believe this shocking video. and on and on.

These hoaxes are designed for one purpose only: No good.

Below I list some of the most common hoaxes and scams that are prevalent on Facebook. If we could just get people to stop sharing these, we’d be cutting out a lot of clutter and saving some folks a lot of hassle.

1) The Facebook Privacy hoax.

By this statement I give notice to Facebook it is strictly forbidden to disclose, copy, distribute or take any other action against me based on this profile is private and confidential information.

The sentence above is the core of this hoax, although there may be more verbiage associated with it.

If you have posted this, delete it at once. Don’t share it. If you have friends that have posted it, refer them to this article which explains the hoax in detail, and have them delete it.

2) The Free Giveaway Hoax

“Disneyland is giving away two annual passes to a random Facebook user who likes and shares and comments on this post.” Or maybe it’s 50 Cent. Or Walmart. Or Bill Gates. Or Lamborghini.

☛ NO, THEY ARE NOT.

This is a prime example of “like farming.” You need to be aware of what this is and how it works. A great video by Hoax Slayers explains the like-farming business clearly and concisely. Don’t contribute to the financial well-being of criminals. Do not share these posts, and do what you can to have them deleted.

3) The “Talking Angela” scare.

WARNING FOR TO ALL PARENTS WITH CHILDREN THAT HAVE ANY ELECTRONIC DEVICES , EX : IPOD,TABLETS ETC …. THERE IS A SITE CALLED TALKING ANGELA , THIS SITE ASKS KIDS QUESTIONS LIKE : THERE NAMES , WHERE THEY GO TO SCHOOL AND ALSO TAKE PICTURES OF THEIR FACES BY PUSHING A HEART ON THE BOTTOM LEFT CORNER WITHOUT ANY NOTICES . PLEASE CHECK YOUR CHILDREN’S IPODS AND ALL TO MAKE SURE THEY DO NOT HAVE THIS APP !!! PLEASE PASS THIS MESSAGE ON TO YOUR FRIENDS AND FAMILY MEMBERS THAT HAVE KIDS !!!!

This is a totally bogus warning. It was written by someone ignorant and gullible, and sadly has spread around Facebook like wildfire. There is no truth to it.

4) The “OMG You’ve gotta see this shocking video gross yuck!” scam.

It may say something like “OMG you won’t believe how you look in this vid!” or things like that. Key words to watch out for are:

  • shocking
  • gross
  • disgusting
  • unbelievable
  • amazing

These are not always just space-occupying like-farming hoaxes – they ofthe get you to install bad software or simply spread themselves to other Facebook users. There’s one safe way to protect yourself:

☛ – Don’t follow the links, don’t press any buttons that say “allow”. Just don’t.

5) “See who has unfriended you,” “see your top three friends,” “change your Facebook background to pink,” “see who has viewed your profile,” etc.

None of these apps or ones like them do what they say they will do. They are there for the purpose of gathering your information, your friends’ information, and passing the gathered information on to third-party marketers.

Facebook works best without any apps at all. If you don’t use them, you don’t have to worry about their invading or sharing your information.

If we could rid facebook of these five categories of hoaxes, our feeds would be a lot cleaner and the criminals who originate them would have to find other ways to generate thier ill-gotten cash.

Be Careful Out There.

The Old Wolf has spoken.

Attn;Beneficiary!

Posted on by The Old Wolf

The Lads from Lagos never seem to give up. What saddens me is that as long as these letters keep going out, it means that somewhere people are falling victim to this fraud.

38_021022_nigerianemailmain.jpg.CROP.original-original

From: “MR.JOHN FRANK” <office_moneygram@yahoo.com>

Subject: WELCOME TO WESTERN UNION HEAD OFFIC

WELCOME TO WESTERN UNION HEAD OFFICE
BENIN REPUBLIC COTONOU
MR.JOHN FRANK

Attn;Beneficiary,Information reaching us from our corporate headquarters now, states that you only have 72hours to effect payment for the activation of your MTCN to enable you cash up your first $5,000.00 from your total (fund us$4,800,000,00,) since you are finding it difficult to make this payment we have decided that you are to go ahead and pay whatever you have from $105US above for the activation fee since you are not able to come up with the required sum, time is of the essence here.

You are to pay what ever you have from $105US above for the activation fee we will activate your MTCN upon receipt of this payment.here is the payment for the $5,000 usd but you can not pick it up because the chairman of the western union say that before you pick that money you must pay the any amount you have from $105US above OK

Here is the Senders Information;
Sender Name, MIKE
sender last name, OGUEJI
MTCN:):759054421
Amount Sent $5000.00

Please be inform that we just give you Nine Numbers for now and the remaining one number will be giving to you as soon as you send the activation fee of $105 usd today I will give you the complete number to pick up your fest payment of $5,000.00 uas as well,

Be informed that you will have to pay the balance sum of your activation upon cashing up of your first 5,000.00 usd, also i am using this medium to inform you that failure to pay the balance sum will leave us with no option but to deactivate your mtcn of which you will and can never cash up the balance sum  I will wait to hear back from you in regard to this massage so that I will give you the information that you will use to send the $105 usd.

You are advice to get back as soon as you receive this massage so that we will furnish you with the information needed to send the activation fee of $105 usd to able us release your first payment to you as promise kindly give urgent attention we are waiting

MR.JOHN FRANK
EMAIL: (westernunion132@qq.com)
WESTERN UNION HEAD OFFICE BENIN
REPUBLIC COTONOU OPERATION MANAGER)

For what it’s worth, qq.com is a Chinese hosting outfit. For the love of Eudora Welty and the Concert of the Galaxy, never respond to emails of this nature.

☛ NO ONE IN AFRICA HAS MONEY FOR YOU. THEY ONLY WANT YOURS, AND THEY WILL HAPPILY TAKE AS MUCH AS YOU ARE WILLING TO SEND THEM. ☚

Please protect your loved ones. Make sure they understand this.

DrudgeSirenSmall NEVER SEND MONEY BY WESTERN UNION, MONEY GRAM, GREEN DOT MONEYPAK, OR ANY OTHER METHOD TO SOMEONE YOU DO NOT KNOW. YOU ARE BEING SCAMMED. DrudgeSirenSmall

Phishing: My Yahoo Account has “expired.”

Posted on by The Old Wolf

Phishing, as I have mentioned numerous times elsewhere, is rampant. In a world with over 7 billion people, it’s hard to say how many electronic bad guys there are out there, but even if its a relatively small number, the nature of the web gives the bad actors a lot more access to a global pool of potential victims than your average con-man enjoyed in pre-internet days.

This email arrived this morning:

yahoo1

Two things:

  1. YahooMail is always free. There’s a no-ad service you can pay for, but the drones are counting on the fact that grandma or grandpa (or any other potential sucker) won’t know that.
    77
    A significant portion of internet users are terribly un-technical, and find computers are to be feared; if they use them at all, it’s on a cookbook level. “If you see it on the internet, it has to be true” is sadly a part of far too many people’s psyches, hence many people get taken advantage of in myriad ways.
  2. See that little yellow circle by the link? If you hover over it with your mouse, you’ll get a popup indicating how any particular website has been rated by users for trustworthiness and child safety.Yahoo2That’s a function of a browser extension called “WOT” (Web of Trust) that I have mentioned elsewhere. It’s invaluable for stopping problems before they start. The circles displayed are green, yellow, or red, and you can follow the “Click to view details” link for more information, user reviews, or to rate a site yourself if you have a (free) account.It’s not perfect by any means – WOT can be subject to shill reviews and malicious comments from unethical competitors and the like, but like anything else on the internet, it’s part of a body of evidence and I find it extremely useful as a canary in the mine.  In this case, the top-level domain “twomini.com” is rated very poorly on both counts, with the one user-posted review stating “Domainhoster hosting sites used for fraud, scam and Accountphishing.” Which is certainly true in this case.

If you hover over the “go here” link, your browser indicates that you are being directed to “http://bit.ly/10VyM2I&#8221; which is most definitely NOT a Yahoo address. It’s a shortened link which expands to:

DrudgeSirenSmallhttp://infoskale.twomini.com/obyno/Connect%26True%3DUser1%25%3DXclusiv-
3D%23Anonymous7Dole%3DReason%26Upgrade1%25continue%25True4.php DrudgeSirenSmall

Web addresses like that are not necessarily bad in and of themselves, but they are not what you would expect to see when you visit a major site like Yahoo, or Comcast, or your financial institution. Those little drudge lights up there point out that this kind of URL is a red flag for suspicious activity, and to proceed with extreme caution.

If the victim unwisely clicks on the link, they get this:

Yahoo3

which quickly redirects to this:

Yahoo4

If you try to “log in” from this screen, your account information is sent to Russia or the Ukraine or Nigeria or somewhere else, and the bad boys now have access to all your email, as well as an account to send out spamvertising or other scams with, and they do so on a regular basis. The victim is then sent back to the regular Yahoo Mail  website, and continues on their merry way none the wiser.

indiana_jones_grail_knight-you-have-chosen-poorly

I logged in several times with user names like “ScammersEatCamelDung”, just to make sure they got the message. Of course, it’s possible that responses are simply harvested into a login script that will never be seen, but what the heck; I’ll take any opportunity to insult one of these wastes of human cytoplasm.

Please be careful out there, and for the love of Ella Wheeler Wilcox and the music of the spheres, protect your loved ones. If you have people you care about who use the computer and who are not tech-savvy, educate them on how to protect themselves from scammers.

We demand that people get licenses to drive a car; it’s a shame no basic training is required before venturing into the potentially-scary world of the internet.

The Old Wolf has spoken.

Don’t Help the Scammers

Posted on by The Old Wolf

There’s an old joke circulating out there that occasionally crops up in people’s inboxes:

You have just received the [Amish/Polish/Aggie, etc.] Virus! Because we don't know
how to program computers, this virus works on the honor system.
Please delete all the files from your hard drive and manually
forward this virus to everyone on your mailing list.
Thanks for your cooperation.

It goes without saying that this would be a Bad Idea. That said, there is a very current scam going on which I ran across yesterday, in which the victim is carefully walked step-by-step through the operations necessary to allow Bad Guys to take control of their computer. I referred to it in a previous post, but here’s the complete run-down.

While researching spoofed and phishing URLs, I decided to use a misspelling of a popular website as an example. I typed in http://www.micorsoft.com (DO NOT DO THIS!) and discovered a rat’s nest of scam operations embedded in this one redirect.

According to WHOIS, the domain is registered thusly:

Domain Name: MICORSOFT.COM
Registrar: EPIK, INC.
Whois Server: whois.epik.com
Referral URL: http://epik.com
Name Server: NS1.DNSLINK.COM
Name Server: NS2.DNSLINK.COM
Status: ok
Updated Date: 19-oct-2014
Creation Date: 13-oct-2001
Expiration Date: 13-oct-2015

Epik is a domain-name registry service, so beyond that I don’t have the chops to dig deeper and see who is really running this operation, but this much I know – they’re wastes of human cytoplasm.

This domain redirects to a number of different scams.

1) You’ve won a prize!

Prize1

Here’s the first popup. The URL is your typical scam alphabet soup address.

Prize2

After answering four inane questions about age, whether you shop on line, gender, etc. you’re presented with this:

Prize3

Well, of course I qualify. You think the scammers would turn down a sucker? No, I didn’t win a prize, I won a “chance” for a grocery gift card. Call the number, and what you hear is “Congratulations! Won a chance to win a gift card!. Stay on the line to complete your entry! Dingdingding your initial entry has been registered, but stay on the line for other additional offers!” You then are bombarded with advertising. Since I used Google Voice to call, there’s no way they could possibly know who is calling or how to contact you if you were really a winner – this is just spamvertising, pure and simple.

2) The Random Cybersquatting Page

Next, i was redirected to this horrific URL:

http://www.searchnet.com/Search/Index?
utm_source=8&utm_campaign=AuctionErrorWithInfo&utm_term=XP%20Home%20Premium;
Microsoft;microsoft;download%20internet%20explorer%2010;microsoft.com;www.microsoft.com;
microsoft%20windows;window%20live%20messenger;servers%20xp;microsoft%20help%20support;
microsoft;microsoft%20help%20center;online%20ms%20training;
microsoft%20programs;xp%20small%20business%20edition%20;downloads;
microsoft.com;windows%20updates&utm_medium=Ciclostare32

User Nokkenbuer at WOT (Web of Trust) posted on 09/21/2014:

  • I don’t trust
  • Malware or viruses
  • Poor customer experience
  • Scam
  • Misleading claims or unethical
  • Privacy risks
  • Suspicious
  • Spam
  • Potentially unwanted programs

This website was involved in redirecting me to a malicious site after accessing a typosquatter website (http://www.micorsoft.com/). I do not trust it and may aid in infecting your computer with unwanted malware, spyware, or grayware.”

By the way, if you don’t have the WOT extension on your computer, I’d recommend it. It gives you advance warning of sites that have been flagged as malicious, like this:

Wot1

For any site, you can always “read more” to see what users have said. It’s wise to do, because on occasion a website was flagged early for suspicious behavior, but domains change hands and it could be a legitimate site at the present time. User comments will usually reflect this. At all events, you have the option of leaving before you actually visit a potentially dangerous website. Sign up, and you can leave your own feedback for websites as well.

3) Is Your Computer Running Slowly?

slow1

If you click OK, you’re directed to this page:

 Slow2

This one looks slick and official, but it’s a solid guarantee that if you call that toll-free number, you’re at risk for being scammed or having your computer infected or both.

4) The Scare Tactic

This is the one I referred to in my earlier post, and today I followed up on the game to see how it plays out.

Viruse2

This page is a little different than the first one I encountered; it doesn’t mention specific viruses, but includes an annoying, repeating, and loud chirp to add urgency to the scam. If you try to navigate away from the page, you get this:

virus1

If you bite and call the number (855- 979-7382) you will be connected to a polite-sounding Indian or Pakistani boiler-room worker who will engage you as follows:

  1. I was asked kind of problems you are experiencing, what kind of computer I am running, and what my operating system is.
  2. On a Win7 box (your mileage may vary for other operating systems) I was asked to hit “Windows-R” to open the Run dialog, and then type in “MSConfig” and hit enter. This is harmless, but displays running services on your computer.
  3. I was asked if more than 15 services were stopped?
  4. I responded that yes, more than 15 services were stopped.
  5. The agent informed me that since more than 20% of my services were stopped, my system was vulnerable to application errors. Once Windows 7 has services stopped, that is the main problem. This, of course, is utter bulldust, but is technobabble enough to flummox most callers who get this far.
  6. I was told that we need to check why these services are stopped. Again directed to the “Run” dialog, I was instructed to type in “hh h” and hit “Enter”. This brings up the HTML Help Window, which “Cannot be Displayed.”
    Help1
  7. I was instructed to hover my mouse over the little question-mark icon in the window, and select the “Jump to URL” option.
    Help2
  8. I am presented with a dialog box, and asked to enter the specified URL:
    Scam3
    N    ote: This is a sneaky way to get you to visit a website, instead of typing it directly in the URL bar.
  9. Once this is done, I am directed to this website: https://secure.logmeinrescue.com/customer/code.aspx
    Login
    This is a website which allows outside users to take control of your computer, usually for tech support reasons. If you trust the party on the other end it can be useful, although I prefer to use TeamViewer.
  10. Before proceeding, the agent had me run inetcpl.cpl, click on the connections tab, and ensure that no proxy was being used.
  11. Having done this, the agent instructed me to enter the code 941073, and hit “Enter.” He asked me what I saw on my screen.
  12. At this point, I told him the only thing I saw was myself closing Chrome, because I had no intention to give control of my machine to a bunch of scammers, and hung up.

There are enough methods out there that the Bad Guys can infect your computer if you’re not careful, but helping them with the process is generally a Lousy Idea.

Be careful out there.

The Old Wolf has spoken.

Taking the High Road with a Scammer

Posted on by The Old Wolf

Man-shouting-into-a-phone-012

Photo: Alamy

If you follow my blog, you’ll know it has become somewhat of a warning beacon against scams and frauds, which little crusade began after my own mother was scammed by cross-border fraudsters out of a large chunk of her savings.

Here, however, is an interesting article from The Guardian entitled “How I Talked a Scammer Into a Better Life Choice.”

Written by Amanda Willis, it describes her conversation with a Pakistan-based boiler-room worker who was trying to get her to download malware. The results were encouraging, and worthy of being shared. Her entire essay is definitely worth a read.

The tagline of the article is “Getting angry with fraudsters dehumanises them, but if we engage them in conversation we might be surprised by the results.”

Unfortunately, many scammers who are directly involved in criminal enterprises become frighteningly abusive when confronted with their scam, and I’m not sure I want to get involved with inviting that sort of negative energy into my life. But the principle at work here is the one found in Proverbs 25:21-22:

If thine enemy be hungry, give him bread to eat; and if he be thirsty, give him water to drink:For thou shalt heap coals of fire upon his head, and the Lord shall reward thee.

The Old Wolf has spoken

The Next “Miracle Weight Loss Herb” – Caralluma Fimbriata

Posted on by The Old Wolf

According to Wikipedia, caralluma ascendens, another name for caralluma fimbriata, is an edible form of cactus used throughout the Indian subcontinent as an appetite suppressant, or so-called “famine food.”

Leave it to the snake-oil hawkers to turn this into the next big thing they can make a few bucks on.

Got an email today from a “friend,” one whose email account or information had been compromised:

From: Redacted

To: store-news@amazon.com, ChaseNotification@emailonline.chase.com,

…snip… pmlncc@kkwl.ac.th, mrs.phillipjones@live.com

Subject: [Redacted]

Hi! How are you?

It works! http://nationalbranding.com/probably/dead.php

[Name Redacted]

These spoofed emails are so transparent at this point that I can smell the fraud before I even open them. But, in the interest of public service, I follow these links to see what new scam is being perpetrated on the general public.

Today’s bowl of steaming camel ejecta led me to a website hawking caralluma, the new New NEW weight-loss miracle.

Landing

This is the same kind of affiliate marketing effluence that I have described elsewhere (just do a search at this blog for garcinia cambogia, for example).  Notice the tiny print below “ACT NOW!” that obligates you to a monthly $10.00 charge. But in the end, they’re less concerned with selling you their product as they are about getting your information which in the long run is much more valuable to them than a single sale.

Smell the foul rot of desperation as we proceed through the following screens:

Hook7

The first come-on is BOGO. If we don’t fall for that, we get this:

Hook1

Wait wait wait! OK, what now?

Hook2.jp

One of 50 customers, huh? Wow, I must really be special. But I guess I’m not really interested after all.

Hook3

Wait wait wait! Wow, a free trial bottle, and the offer is good for only 10 minutes! Shall we look and see?

Hook4

Now this is a wondrous thing. Instead of caralluma, I’ve been sent to a page to order garcinia cambogia. Looks like the affiliate marketer forgot to update his previous campaign.

Hook5.jp

More desperation.

Hook6

Now the bottle is free, and I only have to pay 99¢ for shipping. But remember, I’m still providing my credit card information, and obligating myself to that $10.00 per month “subscription.” Once these drones have your financial information, they are in a position to bill you for anything they want, or sell your credit card and personal information to other scumsuckers.

It’s all garbage, poorly-crafted but sadly effective affiliate marketing for products that have little or no value, or worse, are actually detrimental to your health.

Be careful out there.

The Old Wolf has spoken.

Another “Domain Registration” Scam

Posted on by The Old Wolf

Edit: 5/26/2025 – Still going on. Mail received from “Domain Name Services” in Buffalo, NY. They want $265.00 for a 5-year renewal

Here’s some junk email that showed up this morning:

ATTENTION: IMPORTANT NOTICE
Domain SEO Service Registration Corp.
Order#: 780438
Date: 12/14/2014

EXPIRATION NOTICE

DOMAIN: [redacted]

Notification Offer
EXPIRATION DATE: 12/22/2014

Bill To: [Redacted]
Domain Name: [Redacted]
Registration SEO Period: 01/05/2015 to 01/05/2016
Price: $64.00
Term: 1 Year

SECURE ONLINE PAYMENT

Domain Name: [Domain Name Redacted]
Attn: [Owner Name Redacted]

This important expiration notification notifies you about the expiration notice of your domain registration for [edited.com search engine submission. The information in this expiration notification may contain confidential and/or legally privileged information from the notification processing department of the Domain SEO Service Registration. This information is intended only for the use of the individual(s) named above.
If you fail to complete your domain name registration [edited].com search engine service by the expiration date, may result in the cancellation of this domain name notification offer notice.

PLEASE CLICK ON SECURE ONLINE PAYMENT TO COMPLETE YOUR PAYMENT.

Failure to complete your domain name registration [redacted] search engine service process may make it difficult for customers to find you on the web.

CLICK UNDERNEATH FOR IMMEDIATE PAYMENT

PROCESS PAYMENT FOR
[Domain Redacted]
SECURE ONLINE PAYMENT
ACT IMMEDIATELY

This domain registration for [Domain Redacted] search engine service notification will expire 12/22/2014.

Instructions and Unsubscribe Instructions:

You have received this message because you elected to receive special notification offers. If you no longer wish to receive our notifications, please unsubscribe here or mail us a written request to Domain SEO Service Registration Corp., 5379 Lyons Rd. 452, Coconut Creek, FL 33073. If you have multiple accounts with us, you must opt out for each one individually in order to stop receiving notifications notices. We are a search engine optimization company. We do not directly register or renew domain names. We are selling traffic generator software tools. This message is CAN-SPAM compliant. THIS IS NOT A BILL. THIS IS A NOTIFICATION OFFER. YOU ARE UNDER NO OBLIGATION TO PAY THE AMOUNT STATED UNLESS YOU ACCEPT THIS NOTIFICATION OFFER. Please do not reply to this email, as we are not able to respond to messages sent to this address.

Notice several things about this garbage:

  1. The emphasized text in the spam disclaimer, written in tiny, gray print so as to be ignored, states clearly that you are signing up for worthless services, not domain registration. This shows the blatant deception being perpetrated here.
    disclaimer
  2. It’s designed to look like an invoice. There are, sadly, many unwitting office managers and secretaries and even executives who will take one look at this, pay the invoice, and kiss their money goodbye.
  3. The “registration service” being offered comes from http://www.domainrseo.net/, which has been flagged by Web of Trust (WOT) as Phishing, Scam, Potentially illegal, Misleading claims or unethical, and Spam site. The two posted comments are informative:

User Carl Legg posted on 11/29/2014

WARNING: New Internet scam out of a shoebox office in Florida. Called Domain SEO Service Registration Corp. It’s the same, tired old false flag operation.

1.) Perpetrator looks up domain names (owner contact information is public)
2.) Perpetrator e-mails domain-name owner with an official looking “Payment Notice”
3.) Threatening “expiration” deadlines are made in the Payment Notice
4.) Payment notice written in legal-technical gobbledegook to scare people into paying.

The perp makes it look like you are renewing your domain name, but in reality, and through some seriously twisted use of English language (that leaves one’s head swimming), you are signing up for one year of expensive search-engine optimization. Many people would not understand this, and the perp wants it that way.

Registered in Florida, but likely owned by a Hong Kong firm? Hard to tell. Here’s the registration data:

Florida Profit Corporation DOMAIN SEO SERVICE REGISTRATION CORP.
Filing Information Document NumberP14000093458
FEI/EIN Number NONE Date Filed 11/17/2014 State FL Status ACTIVE
Office/Director/Agent: TAUBERT, MATTHIAS (Matthias Taubert)
Principal Address 5379 LYONS RD. (452), COCONUT CREEK, FL 33073″

User eden-g posted on 11/29/2014
“Scam site engaged in misleading illegal activity owned by Chinese criminal Zhu Bing.”

I can’t speak to the source of the name in the second comment, but whoever is behind this scam is a dirtbag.

Be very careful out there. Domain registration scams are rampant, SEO firms are, for the most part, offering useless and expensive services, and most unsolicited commercial email is deceptive.

The Old Wolf has spoken.

Your Bank of America Account is Under Review. Right.

Posted on by The Old Wolf

Well, since I don’t have one, that would be a Neat Trick. But here’s the email:

From: Bank Of America <dugginp@pitt.k12.nc.us>
Date:12/08/2014 1:39 PM (GMT-07:00)
To:
Subject: Your Bank Of America Account is under review

Your Bank Of America Account is under review

Bank Of America is reviewing some costumers account for possible Fraudulent & unpaid bills. The balance for your checking & saving account has reached reviewable level (uncharged & un-deducted billing).This information is accurate as of 5/12//2014 03:44:12 CST. You are required to, sign on and verify  your account informations.If you have questions, Bank Of America Online Customer Service is available 24 hours a day, 7 days a week. Sign on to send a secure email.    bankofamerica.com | Fraud Information Center

Suffice it to say this is a phishing email of the worst kind. The embedded “sign on” links take you to this link (obfuscated):

http://conwaycentralbaptist.org/blah-blah-blah/.safe.ssl-comfirmed-onlinebankingofamerica.com/index.html

In case you needed an additional hint, this is not a Bank of America website.

Conway Central Baptist Church will probably not be pleased that someone has infiltrated their servers and is using them to host phishing data; they have been informed.

But the website looks like this:

bank

They want all sorts of information from you, including “Father’s Maiden Name” and “Father’s Middles Name.” If those aren’t screaming red flags , I don’t know what would be.

So many scumbags out there want your identity, your financial information, and your money, and they would sell their own mothers to get it.

Be careful out there.

The Old Wolf has spoken.