A short anatomy of a work at home scam
It is a virtual certainty that if you have an email account and use it, your address will end up on one or more spam databases. No matter how well you protect your own equipment, you cannot say the same for all of your email recipients, or even newsletter senders. Spammers have ways and means of stealing email contact databases and spamming every address on those lists.
'Nuf said about how you got on spam lists. __it happens.
One of the long running email scams involves work at home schemes and the related field of money mule and drop reshipping recruitment. The email letters promoting these usually illegal activities start with what seems to be a friendly letter from someone who watched a program on a certain news channel and is now making big money by using that system. Since they care about you so much, they want you to benefit like they have. All you have to do is click on the link, read the information at the landing page and sign on.
The email come-ons mention how much money so and so made in just their first day or two, etc. The landing pages look like TV station pages with reports about an exciting work at home career opportunity. They even have videos purporting to be done by news reporters, about these so-called jobs. But, everything on these web pages is fake. It is a scam.
Before you click any such link, in an email about a work at home job, consider the following facts that I have pulled from my most recent work at home scam.
Anatomy of a recent work at home email scam
There it was, in my MailWasher Pro Inbox, not yet marked as good or spam, with the enticing subject: "Re: Imagine a great future online." The "Re:" at the beginning of the message makes it appear that the sender is responding to an email the recipient must have sent first. This is a common ruse used by many spammers. Sometimes they use "Fw" or "Fwd" to make it appear to be a forwarded message from some distant acquaintance.
I opened the message in plain text in the preview pane and here is part of what the body text contained:
Evening, so I was bored at work as per usual reading on FOXs county entrepreneur testimonials early last monday and saw some new online based job that helps retired school teachers constantly make up to $3700 per week or more and he didn't trust most of it at the beginning but for some reason we really had to give it a try and thankfully I did because I've somehow made $378.84 my very first day trying.
The message goes on to urge you to go to the website that is included in the message body. In this case, it was a domain that contained two important keywords for this type of scam: "income" and "home." Since most recipients of these email scams in English live in North America, England, Australia or New Zealand, they might expect that a website advertising work at home opportunities to them, in English, would be based in their own countries. If you think so, you are dead wrong!
The email came from a free Yahoo email account. It was either stolen by a key logger on a victim's computer, phished by a scam email, hacked by using a dictionary attack to guess the password, or created by a spambot. One good feature of email sent through Yahoo mail servers is that the originating IP is listed below a huge line of tracking codes. In this case, the originating IP was: 217.79.87.227 - which when run through a "Whois" look-up turns out to be assigned to an ISP in Bulgaria.
Are you suspicious yet? Ya should be! The email that appears to come from an acquaintance on Yahoo was actually relayed by Yahoo from an Internet Service customer somewhere in Bulgaria. Got friends in Bulgaria? Not me!
Let's light up and move along (as Bocephus says). What about the link where we can read the same information that helped our mysterious benefactor earn $378.84 on his very first day? A Whois on the domain reveals that it is definitely not in the good old USA (where I live and the email was sent). Rather, the domain in the link is actually registered in --- (drum roll) ---The Ukraine!
More exposé: The Domain in question has a creation date of: 26-Oct-2011. As I write this it is 31 Oct, 2011. That means the news event and entire story was only created and registered 5 days ago. That's some hot story, huh? NOT! The "Name Servers" used to deliver the website to victims, er visitors, are Russian servers:
ns1.homebiz16now.ru
ns2.homebiz16now.ru
ns3.homebiz16now.ru
In case you are thinking that some otherwise decent chap in the States chose to register his web domain in Russia to save money, you're wrong again. The Registrant is listed as:
Svetlana Poltavceva
ul. Leninskaya 17 43
Yubileynyy, 141090
RUSSIAN FEDERATION
Okay. The email came from Bulgaria. The website in the message is Registered in the Ukraine by a Russian woman (allegedly). But, where is the website "hosted?"
IP Address: 94.63.243.128
ASN: AS30890
IP Location: Romania
Do you really think you are going to learn the secrets to wealth by visiting a website advertised by spam email, sent from Bulgaria, Registered in The Ukraine by a Russian Citizen residing in Russia, through a website hosted in Romania, the home of Count Dracula? I think not!
The only wealth being generated by these websites is the wealth earned by the cyber crooks running this scam, as they take your money and deliver nothing, Or, worse, take your money and your credit card details and sell them on a Russian carders forum.
The only good place for these and all other work at home scams is in the deleted items folder, which should be emptied every time you close your email client!
If you want to learn more about the email spam filtering program I mentioned earlier in this article, go to my MailWasher Pro page. I write spam filters for MailWasher, some of which block work at home scams and many other past and current email threats.
If you are curious about how I read the headers to trace this email, read my blog article about "How to display the headers of spam/scam emails."