E-mail spam and scam roundup for June 3 - 9, 2013.
June 9, 2013
Since the recent forced shutdown and seizure of Liberty Reserve, a major payment portal used by cybercriminals (and also, unfortunately, many innocent people), spammers and scammers have been experiencing trouble getting paid their ill-gotten money. Nonetheless, certain types of spam continue to flood our inboxes, as shown in this article.
My stats are derived from MailWasher Pro, which is a desktop POP3 and IMAP spam filter that goes between your email server and your email client. The classifications of spam come from spam filters I write and publish for use by other MailWasher Pro users.
SPAM
This week the majority of spam was for counterfeit or useless drugs, most with domain names that begin with "greecoffeeultra." These domains are often registered on the day you begin seeing spam claiming you only have 24 or 48 hours to act, or some similar garbage subject. I did some research into a few of these domains and learned that the ones arriving today were just registered a few hours earlier and are set to expire in just two weeks. The "Registrar" is listed as Domain Silver Inc., in the Seychelles. It is very unusual to allow such a short registration period and it is no surprise that spammers are attracted to this company.
The From addresses are composed in two parts. The first shows a name, like iWellHealth, GreatHealth, or something similar. The second part is the email address, which is totally bogus. These addresses are composed of about 10 or 12 characters of random upper and lower case letters, followed by three digits, then some imaginary or real domain name. I have updated my MailWasher filter for "Known Spam [From]" to detect and auto-delete these messages so you don't have to deal with them.
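The sender pattern described above can be checked mechanically. The following is an added example, not the author's MailWasher Pro filter: a Python sketch that parses a From header and tests the address part. The 9 to 13 letter tolerance, the mixed-case threshold, and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Letters followed by exactly three digits. The article says "about 10 or 12"
# letters, so the 9-13 range is an assumed tolerance, not a published rule.
LOCAL_PART = re.compile(r"^([A-Za-z]{9,13})(\d{3})$")

def looks_like_random_sender(from_header):
    """True when the address part of a From header fits the described pattern."""
    _display_name, address = parseaddr(from_header)
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return False
    match = LOCAL_PART.match(local)
    if match is None:
        return False
    letters = match.group(1)
    # Randomly cased strings have capitals scattered past the first character;
    # an ordinary name plus digits ("Christopher123") does not. Requiring two
    # interior capitals and two lowercase letters is an assumed threshold.
    interior_upper = sum(c.isupper() for c in letters[1:])
    lower = sum(c.islower() for c in letters)
    return interior_upper >= 2 and lower >= 2

def flag_senders(from_headers):
    """Return the headers that match, preserving input order."""
    return [h for h in from_headers if looks_like_random_sender(h)]

# Constructed sample headers (not taken from real messages).
SAMPLE_HEADERS = [
    "iWellHealth <kQpZrTmWxLa482@example.net>",   # 11 mixed-case letters + 3 digits
    "GreatHealth <XbNdUqYhGe917@example.org>",    # 10 mixed-case letters + 3 digits
    "Alice Example <Christopher123@example.com>", # ordinary name, one capital
    "Bob <bob.smith2013@example.com>",            # dot and four digits
    "Newsletter <newsletter@example.com>",        # no digits
]

if __name__ == "__main__":
    for header in flag_senders(SAMPLE_HEADERS):
        print("suspect:", header)
```

A CamelCase local part such as a concatenated real name followed by three digits would also match, so the result is a heuristic signal rather than proof of spam.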
Most of these "greencoffee" domains end in the extension .pl - which stands for Poland. The websites are hosted in the Ukraine and did not return any results when I checked them. But, they are active websites and may be populated with illicit content at any time.
Other drug spam is for Russian domains (.ru), which are only supposed to be registered to Russian citizens. The websites at the end of the links were mostly hosted in ...The Ukraine. They have a big spam hosting problem there.
If you value your health and money, don't click on the links in these Russian/Ukrainian drug spam messages! The drugs, should you ever receive them (most are seized by Customs), sometimes contain dangerous additives and are concocted in rogue drug labs. The websites promoting these drugs are built by Russian cybercriminal enterprises running affiliate programs and using botnets to send out billions of spam and scam emails to folks like you and me. Once they get your debit or credit card details, they may sell them on the black market, or try to blackmail buyers into paying hush-money to avoid being turned in to Customs or the local Police for buying illicit controlled substances over the Internet.
Scams
This week's email scams include Nigerian 419 advance fee fraud scams, which almost never disappear completely, followed by the last minute return of a new Pump And Dump Scam. This Pump And Dump is pushing a stock with the unlikely symbol HAIR. They are talking it up with all kinds of fake news and imaginary projections. They have invested some big money into this stock and want to fool you and as many others as possible into purchasing large volumes of it to drive up the price. As soon as the price reaches what looks like the best it will reach, these scammers will dump all of their shares. You, and the other persons who were fooled, will be left holding the bag, which will be empty.
What happened to the last company that was Pump and Dumped?
In case you missed it, or were unlucky enough to have invested in it, the previous Pump and Dump scam was for a stock with the symbol BYSD. At the height of the scam it reached about 1.5 cents per share. It shelved at that level for a few hours on the first couple of days it ran, at the end of May, then began tanking, as the people behind the scam sold off their shares. Instead of tripling or quadrupling their holdings, the later investors ended up scamming each other to try to just break even. Eventually, after two weeks, the value is not even listed on the penny stock chart, as it is way below a few hundredths of a cent. All you see is goose-eggs for the value per share. OTC refused to list its value at all because it was being promoted by spam. All you see on the otcmarkets.com reports pages for BYSD is a black skull and crossbones.
People who bought into that scam at a penny would have lost everything they invested and be left with less than half the value. Worse, the stock value of the company itself has been cut in half, leaving them in a financial mess.
Epilogue
Delete scams and spam on sight. If you lack proper rules and filters from browser based email, see if you can convert over to POP3 email, using a desktop email client (program). Windows Live Mail (WLM) is easy to use and offers user configurable spam rules and other means of detecting and routing spam to a junk folder. I use this email client, but set it to not check for incoming messages automatically. Instead, I use MailWasher Pro to screen all incoming email for spam, scams, or malware threats in links or attachments. The bad stuff gets deleted, then I manually download the desired messages to WLM.
Avoid buying or investing in any goods or services promoted by spammers. This is the best way to discourage these criminals, who only persist because many people are still willing to buy the junk they spam out via their botnets. Not buying from them is as effective as shutting down servers and payment processors (which is damn effective!).
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.