|
| Elliott Sound Products | Scams & Ripoffs |
Copyright © 2005 - Rod Elliott (ESP)
Page Created 07 March 2005, Updated 28 July 2009
Main Index
Spam, Scam & Security Index
Main Scam IndexThe e-mail header (View) shows where the mail came from, and the servers it passed through on the way to my mail client. My e-mail address and mail server IP addresses have been obscured, the remainder is verbatim.
| Hello! My name is Laura Southwell and I am the manager of a Human Recourses department of Swiss Invest company. The purpose of this message is to draw Your attention to a vacant position of a financial manager for cooperation with private individuals. But first of all - a few words about our company. Swiss Invest Ltd was founded in 1994. Our specialists grant services of purchase and sale, privatization, brokering and dealer transactions on stock exchange. We handle financial agency on equity market, using a great variety of investment instruments. Moreover we can conduct a private survey on stock market upon client's request. Professionalism and conscientiousness of our company enables us to attract a large number of clients. Nowadays Swiss Invest firmly holds a position of a leading company on European equity market, which ensures our stable development. So today, we are glad to offer You to: - become a part of our companyIn order to become our financial manager for cooperation with private individuals You ARE NOT OBLIGED TO HAVE ANY HIGHER OR PROFESSIONAL EDUCATION. You will just be supposed to: - have approximately 2 free hours a dayYOUR PARTICIPATION IS ESSENTIAL TO enable us to grant our clients the best service in shortest dates. OUR RESPONSIBILITIES will be: - to receive payments for the ordered stocks and bonds from the Swiss Invest clients (private individuals) to Your bank accountThe transfer should be done by the means of Western Union or money Gram services to fasten the process of the delivery of the funds. Your SALARY is 8% commission out of every deposit that You receive on Your bank account. If you are interested in the vacancy offered, please get some more detailed information on the following E-mail address: contact@swis-invest-ltd.comOur managers will be glad to answer any questions. We are looking forward to working with You! I am sorry if this letter has been sent to You by mistake. In that case, please be so kind to delete it. Yours faithfully Laura Southwell |
Well, could this be genuine? NO! Reputable companies never spam people, and if you really have been sought out, they will use your name. The header of e-mails is often a dead giveaway, as is spelling and punctuation, use of capital letters and general structure.
Note that the return e-mail address is "swis-invest-ltd.com" - there is an 's' missing from 'swiss'. In this case, the header shows that the e-mail has been bounced around - one of the suspicious domains being 'noscash.com'. If you look it up, it appears to be a porn site hosting service or a porn referral service of some kind.
Would a reputable company use a very dodgy porn oriented site to send their e-mails? Seems somewhat unlikely (to put it mildly).
Firstly, this scam appears to use the name of a real company, in the hope that you will be tricked into believing that it is genuine. It isn't!
Like many such scams, you become a part of a fraud or a money laundering scheme. Money (possibly illegally removed from other accounts after a successful phishing expedition) is sent to your bank account (so you can be traced), and you pass it on using absolutely untraceable Western Union or 'money gram' services. When (not if, when) the police come knocking on your door because of suspicious activities (for example, the scammers might be pretending to sell something, but never deliver, or the illegal bank transfers are traced to your account), do you honestly think that the courts are going to believe that you had nothing to do with it?
This type of scam still catches lots of people. Relatively innocent (but naive or stupid) people have been prosecuted for being part of frauds just like this one.
This is a classic phishing e-mail. Nothing about it is genuine, the grammar is certainly not what one would expect from a major bank, and the underlying text shows absolutely that it is a fraud. Also, in Australia, 'apologize' is spelled 'apologise'. This is not a mistake I'd expect any genuine Australian company (or bank) to make.
The underlying text was not visible in the e-mail, but displaying the message source (which also shows the header info) reveals what is underneath ...
<HTML><HEAD>
<META =20http-equiv=3DContent-Type=20content=3D"text/html; =20charset=3D=
utf-8">
<META =20content=3D"MSHTML =206.00.2800.1522" =20name=3DGENERATO=
R></HEAD>
<BODY=20bgcolor=3D"#FFFFF2" =20text=3D"#0CBFB8">
<a =20hRef=3Dhttp://www.national.com.au.r0f4p0dr.dllinfo.cn/r1/n/>
<img=20src=3D"cid:2CBTEF1WUP" =20border=3D0></a>
</p><p><font =20color=3D"#FFFFF4">"In a case like that, Daniel did. =
=20brazilian =20ablaze =20The gray cloud lowered.</font></p><p><font =
=20color=3D"#FFFFFE">He had been raised in suburban Boston and had lived m=
ost of his life in New York City, but he thought he knew what those pained=
cow-bellows meant. =20That bird came from Africa. =20Anger? =20Why, F.=
=20"Someone could have come along and eased the boy's terror, but no=
body did. =20, you raised your hand if you thought she had, left it down i=
f you thought she had blown it. =20He sat stiffly, hearing the small s=
ound of something being set carefully back down (the penguin on his block =
of ice, perhaps), his hands clasped tightly on the arms of the wheelchair.=
=20bereft</font></p>
</BODY>
</HTML>
--OO91BW7JKGQWEH1ICKK771
Content-Type: image/gif; name="besmirch.gif"
Content-Transfer-Encoding: base64
Content-ID: <2CBTEF1WUP>
The above is meaningless drivel, probably assembled by a computer program to make it appear to spam filters that there is a genuine message. Note that the image filename is 'besmirch.gif" - an interesting choice of words (besmirch means to stain or sully, or to make dirty, soil).
Again, the header is a dead giveaway that the message is a fraud (even if you didn't pick it as a phishing scam straight off). Although this scam is well below the standard that one would expect from a bank (it is extremely crude), it is possible (probable?) that a couple of people in Australia would have been caught.
In the site's source code, the date uses US format (mm/dd/yyyy) and is 10/23/2004 - this format is never used in Australia.
This is an easy one. The URL indicated on the visible message is completely different from that in the e-mail source. When you click on the image, you are directed to a website that looks (a bit) like the National Australia Bank's site, but asks you to provide your Enter your National ID, Internet Banking Password, your full name and e-mail address. Other similar scams ask for your PIN (Personal Identification Number) and many other things that no bank will ever ask. Such pages are almost never encrypted (watch for the padlock in the your web browser), and having looked at the page source for several such sites, the information is sent to a web address - it may be in Russia, China, The Philippines or any number of locations.
In this case, the site URL is registered in China (the URL looks like it's in Australia, but if you read all of it, you see it ends with 'cn' (China).
http://www.national.com.au.r0f4p0dr.dllinfo.cn/r1/n/
With any URL, the domain name is everything between the 'http://' and the next '/' character. This URL has been made to look like the real thing, but is obviously false. The site itself goes to great pains to make sure that you can't see the source code, and makes heavy use of Javascript, popups (which reload as soon as you close them - major alert!!), and after you enter your details (I entered complete rubbish) redirects you back to the real NAB website. To the uninitiated, it might even look real. One thing they did that gives away the fact that it's a scam (to reasonably experienced Internet users) was to prevent you from viewing other open browser windows, the popup that refuses to close until you give it some information, and disabling editing of the URL (location) field - the traps used are never applied by any legitimate website.
Once the 'phishermen' have your details, they may withdraw funds from your account, and send the money thus obtained to another bank account in the same country. The Swiss Invest and Ecolife scams will hopefully (for the scammers) have provided a few suckers who will accept the fraudulent transfers and forward the scammer's ill gotten gains using an untraceable service such as the criminal organisation Western Union.
As always, make sure you view the message source of any suspect e-mail. The header information reveals a great deal - you don't need to understand all of it, just look for anything that is suspicious. The header for this scam shows where the message originated (commonly and almost certainly falsified), and the message path. Again, a porn site is a part of the message path (dam-teens.com), and again, no reputable business would use this method for mail delivery.
| If You are firm of purpose , active and are willing to earn some cash , then this offer is for You. The EcoLife Company is one of the largest cleansing facility dealers in the world. Every year we go out to the markets of different countries, keep and eye and study the demand and sales-market in every new country. As a result of our move to the market of USA, Germany, Belgium, United Kingdom, Spain, Italy, France and Greece we are having temporary employee recruitment for the position of a financial manager. It is required for You to be: - Honesty and responsibility - You must have a bank account - You must have several free time hours per day - You must have a phone number we can get through to You - You must have an email address The fact that You need no specialized knowledge or some sort of financial investment is sure an indisputable bonus of our partnership. The job we are offering to You consists of receiving bank wire transfers from our clients and partners on to Your bank account. Once the money is on Your account, You must send it to the customer's representative office that has the wares purchased by the customer in stock either via the Western Union or via the Money Gram. For Your service You get from 5% to 7% from the total amount of transferred funds. The EcoLife Company covers all other Western Union and Money Gram fees and costs. Your service won't be needed on a constant basis , but only for the time of our sales-market study in Your region and also for the time of registration of all necessary papers and the corporative accounts opening. You don't just earn cash by working with us , but also help saving and cleaning our endangered environment. If You have any questions, please contact us via email: info@ecoswiss-ltd.com Special offer! In order to work with us , you even may not have a bank account. You are welcome to consult our manager via the e-mail regarding this offer The EcoLife Company is very grateful and thankful for Your attention to our offer. www.monster.com supplied us with Your email at our desire because Your email address has been subscribed to the job-offer advertisements by You or someone else. Best wishes to You Klaus Preiss EcoLife Company Administration If the presence of this letter in Your email box is a mistake, the EcoLife company administration makes its apologies. Simply delete the letter. |
Note that this one may appeal to people who are concerned about the environment, so it has used a two-pronged approach to sucking you in. The promise of 'easy' money, plus, you will be helping our endangered environment. It's endangered alright, but these bastards won't be cleaning it up - they're too busy trying to clean you out!
There is a company called EcoLife, and the scam has no connection with the real company.
This scam is similar to the Swiss Invest scam above, and probably works in similar fashion. Naturally, it is difficult to know exactly what is planned, but we can be certain that someone else will benefit, and that we will end up with nothing more than an empty bank account and/or a prison sentence.
As for monster.com providing my e-mail address, this is pure fantasy. If monster.com has it, they obtained it illegally, since I have never given them my e-mail address, nor given anyone else permission to pass it on (to monster.com or anyone else).
The e-mail header) shows (as always) where the mail came from, and the servers it passed through on the way to my mail client.
Like the NAB scam (above), the displayed e-mail is a GIF file, and the underlying message is intended to confuse spam filters. The message body is displayed below. Like the NAB scam, the message is meaningless drivel.
<HTML><HEAD> <META =20http-equiv=3DContent-Type =20content=3D"text/html; =20charse= t=3Dutf-8"> <META=20content=3D"MSHTML=206.00.2800.1522" =20name=3DGENERATOR></HEAD= > <BODY =20bgcolor=3D"#FFFFF4" =20text=3D"#D2FA4C"> <a =20hREF=3Dhttp://www.seek.com.au.advertisers.alysass.com/r1/se/> <img =20src=3D"cid:G1B5UML3TM"=20border=3D0></a> </p><p><font =20color=3D"#FFFFF3">Not you, Annie.=20ablaze =20atlant= ic =20I'm sorry.</font></p><p><font =20color=3D"#FFFFF4">More be= es, giant Africa browns, the most poisonous and bad-tempered bees in all t= he world, crawled back and forth over the steel bracelet's before joining = the living gloves on Misery's hands.=20Not all her gear was stowed right; = lots of it was rolling around in the holds. =20And do you know why, Pau= l? =20The end of us.=20"Now you're hobbled,=BBshe said, "and don't you b= lame me. =20She slurped up the remainder of her sundae in five huge s= poonfuls that would have left Paul's throat gray with frostbite. =20"= She pulled the key from her skirt pocket and pushed him even farther to th= e left, so that his nose pressed the sheets. =20brenner</font></p> </BODY> </HTML>
This is probably one of the most pointless scams I've seen, but have no fear, the fraud artists have something up their collective sleeves.
I can only guess at what the plan is here. I think that the idea is to enable the criminals to post job ads that look legitimate, because they are listed on a well known employment site (seek.com.au). This is only a guess on my part, but seems the most likely purpose. It is also possible that they (the criminals) want to get access to company information, again, so they might be able to makes their fraud attempts appear legitimate to the average reader.
I used to have a habit of accessing the sites that the criminals promote, and giving them all the details they want, but all are just made up on the fly. I deliberately choose login names that are highly unlikely to exist, and passwords that tell the criminals just what I think of them 
. I've given up as it would occupy way too much time now.
|
Seek.com.au suggests the following ... Be wary of advertisers requesting the following information as part of the job application process:
Opportunities that seem to good to be true, usually are. Avoid employers who ask you to:
|
This is all common sense, but can easily be forgotten if you are desperate. A sad state of affairs, but these are the people most commonly targeted by the scammers.
This is unbelievable, but even more concerning is that fact that there's so little info on the Net about the criminal activity carried on from Spain. A charming little bunch that call themselves GT@P - Guida Telefax Anuario Profesional, S.L. (B-60514635) send out an innocent looking document encouraging you to update your details. Quote ...
With your cooperation, you are helping to keep the World Wide Web register up to date.
A complete scan of the document is shown below (the added highlighting is mine). While it looks innocuous enough with a quick glance, you quickly discover the real agenda buried in the fine print.
Note the highlighted sections, and also the "STAMP/LEGALLY BINDING SIGNATURE" panel. Normally, a signature on any document is automatically legally binding, so why did they make the point? That's simple ... because the document will be declared null and void by almost any court anywhere in the world, they have to try to convince the recipient that it really is binding. The German courts have already ruled that a company doing almost exactly the same thing in Germany should cease and desist, and change the deceptive wording - neither court order was obeyed.
I'm almost tempted to sign and return the document, then refuse to pay - there is nothing they can actually do about it. Such a document is illegal in Australia, but perhaps the Spanish courts could try to take action from there ... not likely. No, I'm not signing it
To see a couple of newer versions, look at World Business Guide and World Business List. Both open in a new browser tab. The price has gone up to €995 per year. They must be joking! However, companies have fallen for this, and I do hope yours is not one of them.
This is simply a way to try to get the unsuspecting company or webmaster to commit to paying these scoundrels €877 (AU$1500 close enough at the time of writing, but now €995) for each of three editions of their CD (a total of AU$4500!), and for an advertisement on their (utterly useless) website.
The real scam is that the fees are buried in the fine print - most people will only read the first few lines of a paragraph. Since the first few lines just mention that ensuring your details are up-to-date and GT@P states that they are responsible for maintaining their database. They imply that they are responsible for a lot more - look at the title of their site. URLs are maintained by many registrars worldwide, and the ultimate responsibility falls to ICANN - Internet Corporation for Assigned Names and Numbers. Some pissant scam company in Spain or the Netherlands has nothing to do with the process - they simply want your money.
More information was available, but it's now disappeared.
Main Index
Spam, Scam & Security Index
Main Scam Index