Archive for the ‘Money Making Scams’ Category

Royal Bank of Canada Phishing Scam

Monday, September 15th, 2014 by

I actually thought this was legit at first. Of course, as usual if I am not expecting an e-mail from a person then there is a high chance it is simply a phishing scam or spam e-mail. The e-mail was this and it essentially asks you to click on a link to receive a “secure message”:

rbcscam

If we actually look at the source of the e-mail though you can see that it tries to trick you into going to another site:

From – Mon Sep 15 14:22:32 2014
Return-Path: <AmericanExpress@welcome.aexp.com>
Received: (fqmail 26683 invoked from network); 15 Sep 2014 20:14:28 -0000
Received: (qmail 11125 invoked from network); 15 Sep 2014 20:14:23 -0000
Received: from [197.1.220.19] ([197.1.220.19])
Received: from (192.168.1.155) by welcome.aexp.com (197.1.220.19) with Microsoft SMTP Server id 8.0.685.24; Mon, 15 Sep 2014 21:14:25 +0100
Message-ID: <4712099136.NMZ97J33257605.907060@rbc.com>
Date: Mon, 15 Sep 2014 21:14:25 +0100
From:”Justin.Fuentes@rbc.com” <Justin.Fuentes@rbc.com>
Subject: New secure message from RBC Royal Bank
Content-Type: multipart/alternative;
boundary=”————07050800302030306010301″

This is a multi-part message in MIME format.
————–07050800302030306010301
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

You have received a secure messageThis is an automated message sent by Royal Bank Secure Messaging Server. The link above will only be active until: 09/16/2014 Please click here or follow this link : https://www1.royalbank.com/cgi-bin/rbaccess/rbcgi3m01 Help is available 24 hours a day by email at secure.emailhelp@rbcroyalbank.com If you have concerns about the validity of this message, please contact the sender directly. For questions about Royal Bank’s e-mail encryption service, please contact technical support at 1-800-769-2511. First time users – will need to register before reading the Secure Message. Help – https://mailsafe.rbcroyalbank.com/websafe/help?topic=RegEnvelopeAbout Royal Bank Encryption – https://mailsafe.rbcroyalbank.com/websafe/about © Royal Bank of Canada 2014 Privacy & Security|Legal|Accessibility|Contact Us|Unsubscribe

You have received a secure message
This is an automated message sent by Royal Bank Secure Messaging Server.
The link above will only be active until: 09/16/2014

Please click href=”http://melissigorta.com/www6.rbc.com/webapp/ukv0/signin/logon.html”>here or follow this link : href=”http://melissigorta.com/www6.rbc.com/webapp/ukv0/signin/logon.html”>https://www1.royalbank.com/cgi-bin/rbaccess/rbcgi3m01

Help is available 24 hours a day by email at href=”http://melissigorta.com/www6.rbc.com/webapp/ukv0/signin/logon.html”>secure.emailhelp@rbcroyalbank.com

If you have concerns about the validity of this message, please contact the sender directly. For questions about Royal Bank’s e-mail encryption service, please contact technical support at 1-800-769-2511.

First time users – will need to register before reading the Secure Message.

 

Just delete it if you see this message as they essentially want you to think you are logging in the bank’s site when in reality you will be entering your bank details to a third party site.

Tricky China Domain Registrar Spam E-mail

Sunday, June 8th, 2014 by

Usually it’s pretty easy to tell which e-mails are simply a scam where I would instantly hit the delete button.  Something about this one actually gave me a thought that it could be legitimate funny enough.  Of course, after reading the message it was too obvious.  In this case the mail tries to imply that there is a company trying to register a domain in their country with a name that conflicts with something you currently use.

I guess the dead giveaway for me was that there is no way a company would use the name of this domain considering I just randomly made it up as like a fictional term years ago.  But, in case anyone does think it is real here is what the e-mail looks like:

From – Sun Jun 08 14:02:41 2014
Return-Path: <jim.zhang@yg-registry.net>
Received: from ex01.ufhost.com (ex01.ufhost.com [61.152.239.75])
Received: from mail.euchost.com (unknown [10.5.5.26])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(Client did not present a certificate)
by ex01.ufhost.com (Postfix) with ESMTP id 716C224DEE1
Received: from hyng (101.228.211.168) by SHE15MB02.euchost.com (10.2.22.62)
with Microsoft SMTP Server (TLS) id 15.0.775.38; Mon, 9 Jun 2014 00:14:31
From: Jim Zhang <jim.zhang@yg-registry.net>
Subject: “al6400″
Date: Mon, 9 Jun 2014 00:20:26 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”—-=_NextPart_000_0D6D_01147DA3.11DC09B0″
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-ClientProxiedBy: SHE15CA02.euchost.com (10.2.22.22) To
SHE15MB02.euchost.com (10.2.22.62)
X-Yovole13RuleAgent: yovoleflag

Dear Manager,
(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)
This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China.
We received an application from Huahong Ltd on June 3, 2014. They want to register ” al6400 ” as their Internet Keyword and ” al6400 .cn “、” al6400 .com.cn ” 、” al6400 .net.cn “、” al6400 .org.cn ” domain names etc.., they are in China domain names. But after checking it, we find “al6400 ” conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?
Best Regards,
Jim
General Manager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.yg-registry.net

Coca Cola 2014 Promotion

Tuesday, March 4th, 2014 by

This e-mail kind of caught my attention at first since it used a well-known brand name. Of course, after reading it the mil seems clearly to be an attempt to get information out of people. I like how all the places they tell you to contact is overseas as well. That should usually be a dead giveaway where something isn’t right as you wold think companies would have someone local handle these things usually. Stay away from this if you get it.

From – Tue Mar 04 21:57:43 2014
Return-Path:
Received: (fqmail 10695 invoked from network); 05 Mar 2014 02:29:35 -0000
Received: (qmail 14552 invoked from network); 5 Mar 2014 02:29:35 -0000
Received: from server12.nocdata2.com (server12.nocdata1.com [66.45.255.122])
Received: from localhost ([127.0.0.1]:50108 helo=www.citionline.sxx.in)
by server12.nocdata2.com with esmtpa (Exim 4.82)
(envelope-from
)
id 1WL1Xa-003lL7-1w; Tue, 04 Mar 2014 21:26:38 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
format=flowed
Content-Transfer-Encoding: 7bit
Date: Tue, 04 Mar 2014 21:26:37 -0500
From: COCA COLA

To: undisclosed-recipients:;
Subject: COCA COLA 2014 PROMOTION
Reply-To: cocacolapromothailand@yahoo.co.jp
Mail-Reply-To: cocacolapromothailand@yahoo.co.jp
Message-ID: <1dc98a00819a332198beb6ced7ddfa9d@citionline.sxx.in>
X-Sender: cocacolaadmin@cocacola.org
User-Agent: Roundcube Webmail/0.9.5
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – server12.nocdata2.com
X-AntiAbuse: Originator/Caller UID/GID – [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain – cocacola.org
X-Get-Message-Sender-Via: server12.nocdata2.com: authenticated_id: citionli/only user confirmed/virtual account not confirmed


COCA COLA 2014 PROMOTION

This is to inform you that your email id has been selected for this 2014
Coca Cola promo award, The email ballot
systempromotion from our company here in Thailand (ASIA) with a cash
prize of1,000,000 Dollar.You are to contact your fiduciary agent for
therelease of your cash prize . Secret pin code D/M00147C.

CONTACT YOUR FIDUCIARY AGENT WITH THE
INFORMATION BELOW INCLUDING YOUR SECRET PIN CODE.

Name In Full:
Address:
Sex:
Age:
Personal Number:
Country:
Secret Pin code:
This details above you have to send to your
agent email id below.

Name: Dr Frank Johnson
Email: cocacolapromothailand@gmail.com
Note: Do not reply to this e-mail, Send an e-mail to your claims officer
with the contact details above.

Regards,
Mrs Ashley Powel
Online Co-ordinator
Congratulation once again from Coca Cola promo board

Sales Pitches Disguised As Travel Deals

Tuesday, September 24th, 2013 by

I was reading some interesting stories today of travels deals that seemed way too cheap here you have to wonder what the catch was. By cheap think of it as airfare and accommodations to places that would normally cost about $1000 come out to about $80. Again, sounds ridiculously cheap huh?

Apparently the catch was many of these trips are actually sponsored by businesses where as the tourist you are brought to places such as shops and markets where people are pressured to buy useless items. In many examples I have read people were buying hundreds of dollars of items due to the high pressure sale tactics. So in the end, they didn’t really get to see any great landmarks that you would expect when taking a vacation. As well, most people ended up paying just as much due to all the junk they bought.

As the old saying goes, if it sounds too good to be true it probably is. It does make me wonder how companies can survive with this type of tactic these days as I am pretty sure there must always be someone carrying like a video capture phone who would document everything which would make the business look really bad.

Fake Walmart TV Purchase

Monday, May 20th, 2013 by

Well, looks like someone out there is trying the old e-mail phishing scam again. This time it looks like they are trying to pretend to be Walmart.com and attempting to scare people in making them think that they made a purchase. This is what the e-mail looks like:

Walmart TV Phishing Scam

From – Thu May 16 14:26:40 2013
X-UIDL: 1368709532.17838.pt01
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: Received: (fqmail 17837 invoked from network); 16 May 2013 13:05:32 -0000
Received: (qmail 15440 invoked from network); 16 May 2013 13:05:32 -0000
Received: from 36-230-174-36.dynamic-ip.hinet.net (36-230-174-36.dynamic-ip.hinet.net [36.230.174.36])
Return-path:
Delivery-date: Thu, 16 May 2013 21:05:20 +0800
Received: from [16.34.49.217] (port=60661 helo=[192.168.199.151])
by 36.230.174.36 with asmtp
id 5YLB76-7112H5-If; Thu, 16 May 2013 21:05:20 +0800
X-EN-OrigIP: 36.230.174.36
X-EN-IMPSID: WLKW1l02w0lF5W901LKWYU
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=walmart.com; i=help@walmart.com; q=dns/txt; s=IP;
t=1367353171; x=1398889171;
h=date:message-id:to:from:cc:subject:
content-transfer-encoding;
z=Date:=20Tue,=2030=20Apr=202013=2013:19:24=20-0700=20(PDT
)|Message-Id:=20<201304302019.r3UKJOLd022606@ndc-fulmaila
pp3.walmart.com>|To:=20tom@tomgivens.com|From:=20″Walmart
.com”=20|CC:=20|Subject:=20Thanks=20for
=20your=20Walmart.com=20Order=202677175-375050;
bh=Y5/lWjKcTaPNp8T8dOICiPv+PwPN9urNh/jRID58VAU=;
b=btTEEO7LpaM983cciYDSzAai3ciXwZxh7/LWlEci41J17LEU/kS4D/TN
fkXgtUVI/SrLjh/7sH3+0daB9OdkRzRYpVWrQDWGnC6VTbYjY1ex4qRgr
HsvHvxo/OvUlB67Y4PlUL8ahqxh9OqELNVXebj35MuQP6gKD78lLB26Ws
M=;
Accreditor: Habeas
X-Habeas-Report: Please report use of this mark in spam to
Date: Thu, 16 May 2013 21:05:20 +0800
Message-Id: <705711808426.ICRFUIFS346176@ndc-fulmailapp4.walmart.com>
X-Authentication-Warning: ndc-fulmailapp5.walmart.com: batch set sender to orders@mail.wallmart.com using -f
From: Wallmart.com
Errors-To: eorderconfirm@mail.wallmart.com
Subject: Thanks for your Walmart.com Order 6036254-090423
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”–Boundary-49=_0B139ELD_PC76FKN4K”

Thanks for ordering from Walmart.com. We’re currently processing your order.
Items in your order selected for shipping

• You’ll receive another email, with tracking information, when your order ships.

• If you’re paying by credit card or Bill Me Later®, your account will not be charged until your order ships. If you see a pending charge on your account prior to your items shipping, this is an authorization hold to ensure the funds are available. All other forms of payment are charged at the time the order is placed.
Shipping Information
Ship to Home

Liam Wilson
2636 Burgess St
St Peters, DC 68025-3157
USA

Walmart.com Order Number: 6036254-090423
Ship to Home – Standard
Items Qty Arrival Date Price
Toshiba UN48EH8000 62″ 1080p 400Hz Class LED (3.7″ ultra-slim) 3D HDTV 1 Arrives by Tue., May 21
Eligible for Free Standard Shipping to Home. $898.00
Subtotal: $898.00
Shipping: Free
Tax: $62.86
See our Returns Policy or
contact Customer Service Walmart.com Total: $960.86
Order Summary
Order Date: 05/15/2013
Subtotal: $898.00
Shipping: Free
Tax: $62.86
Order Total: $960.86
Credit card: $960.86

Billing Information
Payment Method:
Credit card
If you have any questions, please refer to help.walmart.com or reply to this email and let us know how we can help.
Thanks,

Your Walmart.com Customer Service Team
www.walmart.com

This one is a little more apparent that it is illegitimate as they try to get you to go to a misspelled domain called “Wallmart.com” as opposed to “Walmart.com.” As usual, I’m sure someone out there may have fallen for it so be sure to just dump it in the trash.