 Elliott Sound Products Scams 

Scams & Ripoffs #15 ...

Copyright © 2005-2023 - Rod Elliott (ESP)
Page Created October 2021

Introduction

Some of us may have seen e-mails that claim that Amazon is running a competition where you can win a variety of prizes.

Amazon loyalty program pop-ups are a social engineering attack that deceives you and other unsuspecting victims into filling out online surveys from this or similar webpages. Although this pop-up looks like a legitimate survey from Amazon, it actually has nothing to do with Amazon. Scammers have created this page in such a way as to mislead gullible Internet users, hoping that one of them will believe the message on this page and pass the survey.


15 - Amazon Prize Scam

My e-mail address has been removed, the remainder of the header (link below) is verbatim.

[Image: the 'amazon' scam email]

Well, could this be genuine?  NO!  It's purely a well-disguised scam.  Most of the contents aren't visible in the email, as it's all hidden by the image.  The remainder of the email can be seen in the email header, and most of it is random text taken from various locations.

See 'My Antispyware' for more details.


Shopping Scams (Plus Other 'Stuff')

Recently I received an email purporting to be from a 'Louis Vuitton outlet store'.  This is one of many that keep popping up, and nearly everyone gets them.  The trick is to understand that it is a scam, and not a genuine email.  The first clue is that you received an email from an outlet you've never bought from, and that should always raise suspicions.

In most email clients, the target URL ('universal resource locator') will show when you hover the mouse pointer over a link.  It's generally in the bottom left-hand corner of your screen, and many people will never have noticed it.  In general, this doesn't work if you use your phone to read emails, and that's how many people get caught.  The email header information is reproduced here.  The sender (bacon@vivat.top) is most probably 'spoofed' - a technique used by email and phone scammers all the time.  Most of the message was the image (below), taking up 270 KB in all (a big message!).

[Image: the 'Louis Vuitton' scam email]

The 'buttons' and links (e.g. 'Unsubscribe Instantly', 'Shop Now>', 'SHOP NOW') are all bogus, and most go to the same URL, but with different 'garbage' (everything after the '.com/').  For the email I received, the URLs were long and mostly obscure, for example ...

https://subscriber.powderkegultimate.com/SubscribeClick?cu=vl21&rko05zv7=XXXX@XXXXXX.com&gxtjo=&ng%20accide=om%20a%20flying%20accident%20was%20prepared%20for%20what%20Ma

(I obscured my email address.) The only part of the URL that counts is 'powderkegultimate.com', as the 'subscriber.' prefix is a subdomain, and everything else is a reference to a particular piece of code (a web page) and other 'stuff' that is mostly just clutter.  In some cases it will be an instruction to download malicious code to your computer, so you should never click the link as you normally would.

What you should do is Right-Click, and select 'copy link location' or similar (it varies with email clients).  Next, you find out who the bastards are that are trying to scam you!

Having copied the link, open a new tab in your browser, and paste the link into the search bar.  DO NOT HIT ENTER!

Delete everything other than the 'powderkegultimate.com' (or whatever the URL is).  Position the cursor at the beginning of the URL, and type 'whois ' (the space is important).  The search panel should now show ...

whois powderkegultimate.com

Hit enter, and you'll see a number of suggestions that point to whois lookup sites.  These tell you who created the domain, where it's hosted, when it was created and a bunch of other information.

Unfortunately, scammers will nearly always use 'domain privacy' so you won't get a name, but you will get info similar to the following ...

https://www.whois.com/whois/powderkegultimate.com
 
Domain: powderkegultimate.com
Registrar: Realtime Register B.V.
Registered On: 2022-02-21
Expires On: 2023-02-21
Updated On: 2023-01-06
Status: clientTransferProhibited
Name Servers: ainsley.ns.cloudflare.com, sam.ns.cloudflare.com

Country: NL
Email: https://mydomainprovider.com/contact_domain/

Scam websites are often at most a year old (often much less), and the whois tool lets you see this info.  While this might seem like a long process to see if the email is genuine or not, if you pay any money to powderkegultimate.com or any other scammer, getting your money back from the bank is far more difficult and usually has very limited success.
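
The manual steps above (strip the link down to its domain, then read the registration date from the whois record) can be scripted. This is an added example, not part of the original article; it uses the link and whois fields shown on this page, and the 'date received' and the simple two-label domain rule are assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

# Link copied from the email on this page (address already obscured by the author).
LINK = ("https://subscriber.powderkegultimate.com/SubscribeClick?cu=vl21"
        "&rko05zv7=XXXX@XXXXXX.com&gxtjo=&ng%20accide=om%20a%20flying%20accident"
        "%20was%20prepared%20for%20what%20Ma")

# Whois fields as shown on this page.
WHOIS_TEXT = """\
Domain: powderkegultimate.com
Registrar: Realtime Register B.V.
Registered On: 2022-02-21
Expires On: 2023-02-21
Updated On: 2023-01-06
"""

def domain_to_look_up(url):
    """Return the domain to feed to whois, dropping subdomains, path and query.

    Assumption: a plain two-label domain such as example.com. Suffixes like
    .co.uk or .com.au need the Public Suffix List and are not handled here.
    """
    host = urlsplit(url).hostname  # ignores any 'user@' part, port, path and query
    if not host:
        raise ValueError("no host name in link")
    labels = host.rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("not a domain name: " + host)
    return ".".join(labels[-2:])

def parse_whois(text):
    """Turn 'Key: value' lines into a dict with lower-case keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def domain_age_days(fields, today):
    """Days between the 'Registered On' date and today."""
    return (today - date.fromisoformat(fields["registered on"])).days

def is_young(fields, today, limit_days=365):
    """True when the domain is no older than limit_days (the 'at most a year' rule)."""
    return domain_age_days(fields, today) <= limit_days

if __name__ == "__main__":
    today = date(2023, 1, 31)  # constructed 'date received' for the example
    info = parse_whois(WHOIS_TEXT)
    print(domain_to_look_up(LINK), domain_age_days(info, today), is_young(info, today))
```

A young domain is only a warning sign, not proof, and an old domain is not proof of a genuine sender.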

It won't take very long for you to really notice the link URLs, and when you see anything that looks suspicious, treat it as being potentially malicious.

Similar actions are/should be taken with any email claiming you've won something (you haven't).  For reasons that I can't fathom, people are willing to accept that they have won a prize in a lottery they've never even heard of, let alone bought a ticket for.  It should be fairly obvious that "no ticket = no prize".

No lottery or other reputable site will ever ask you to pay to receive your 'winnings'.  If the 'prize' is a physical good (perhaps a mobile (cell) phone or tablet), you won't have to pay for shipment.  Genuine prizes include delivery, and the "we need you to pay for postage" scam is well known and it's been used for years (remember the Nigerian Prince with $1,000,000 to give away?).


Copyright Notice.  This article, including but not limited to all text and diagrams, may be freely distributed in the interests of helping to prevent fraud, scams and spam. Please include a link to this page if you use the info elsewhere.  Note that the ESP® logo is the registered trade mark of Elliott Sound Products, and may not be reproduced without permission from Rod Elliott.
Page created and copyright © 29 September 2019.  Updated Feb 2021 - MSC scam.  Jan 2023 - Louis Vuitton scam.