Jump to content

More humorous Spam


dhanna

Recommended Posts

I just love these... I can't stop laughing thinking about how stupid some people are...

Dear citibank_ Members_,<br><br>

_This mesage was ssent by-the Citi-Bank servers to

veerify your_ E-mail addres.<br>

You must complete this process by clicking on_the link

beloww and enttering<br>

in the litlle _window your Citibank

_Atm full_card nummber and PiN that<br>

_you use on the local Atm_Machine.

That_is done for-your protection -g- because some_of our<br>

members _no_longer_ have access to their _EMAIL_ adresses

and we must verify it.<br><br>

Link to comment
Share on other sites

  • Replies 64
  • Created
  • Last Reply

Love your spirit dhanna - if you can unfreeze the faces around here on a spam topic, you can do just about anything.

I *have* heard of one worrying variation - the link is to the genuine bank website, it's just there's a worrysome little split-second "glitch" in the process of jumping to it (got a programer looking at that one and will re-post if it turns out to be a real concern).

Yes, it is funny, but even more so if you can be confident you're smarter than "they" are, all the time (and the same for every innocent e-user out there). That's a bit of a rant. I really enjoy your postings, I'm sure many others do too, and yes, they *do* lift my flagging spirits. Thanks :-)

Link to comment
Share on other sites

Interesting, I have recieved a very similar fraud asking for my banking info. I reported immediately to my bank and they removed the pop up window asking for personal information...I wonder how many gullible people would fall for such spoof?

Subject: My Bank E-mail Verification

To: my e-mail add

Message-id: <200403041750.i24Hovq03575[at]linux60.iwaynetworks.net>

MIME-version: 1.0

X-Mailer: sendEmail-1.40

Content-type: text/html; charset=iso-8859-1

Content-transfer-encoding: 8BIT

<HTML>

<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid"><XBODY style="MARGIN: 0px" TEXT="#000000" BGCOLOR="white">

<TABLE cellSpacing=0 cellPadding=0 width="100%" border=0>

<TBODY>

<TR>

<TD background="http://www.mybank.com/img/footer/footer.gif" width="745" height="19" alt="" border="0"></TD></TR>

<TR>

<TD vAlign=top rowSpan=3><IMG height=96 alt=citizensbank.com src="http://www.mybank.com/img/header/logo.gif"  width=237 border=0></TD>

<TD vAlign=top noWrap align=right><SPAN style="FONT-SIZE: 8pt; COLOR: #003399; FONT-FAMILY: arial, helvetica, verdana, sans-serif"><B><A target="_blank"  style="COLOR: #003399; TEXT-DECORATION: none" href="http://www.citizensbank.com/boilerplate/privacy_security.asp"  > privacy   </A></B></SPAN> <SPAN style="FONT-SIZE: 8pt; COLOR: #003399; FONT-FAMILY: arial, helvetica, verdana, sans-serif"><B><A target="_blank"  style="COLOR: #003399; TEXT-DECORATION: none" http://www.citizensbank.com/"  > citizensbank.com   </A></B></SPAN> </TD></TR></TBODY></TABLE><FONT face=Arial,Helvetica,sans-serif size=2>

<DIV style="MARGIN-LEFT: 10px; MARGIN-RIGHT: 5px"><BR><FONT face=arial color=#cc0000 size=4><B>My Bank E-mail & Online Banking </B></FONT>

<HR align=left color=#c0c0c0 SIZE=1>

</SUB><BR><BR>

Dear my full name,

<BR><BR>

At My Bank one of our most important responsabilities to our customer is the safekeeping of the confidential information you have entrusted to us and using it in a responsable manner. A fundamental element of safeguarding your confidential information is to provide protection against unauthorized access or use of this information. We maintain physical, electronic and procedural safeguards that comply with federal guidelines to guard your nonpublic personal information against unauthorized access only.<p>

At this time we need you to confirm your e-mail adress with our existing database. As soon as our database will be updated we need to make few important anouncements to our customers so please update your information with no delay.<BR><p>

Please <a href="http://61.78.243.251/checking/form.php?VerifyInfo&ssPageName=h:h:sin:US"

onmouseover="window.status='http://www.mybank.com/home/form.php?VerifyInfo';

return true;">click here</a> to confirm your e-mail information. Our database will be instantly updated.<p>

We reserve the right to change the pledge at any time upon proper notice to you. We are also committed to the responsible use and protection of customer information on our website.<BR>

At My Bank, we are dedicated to providing you with exceptional service and to ensuring your trust. If you have any questions regarding our services, please check the website or call our customer service.

<p><p>

Thank you,<BR>

B. Price <p>

<BR><BR>

<HR align=left color=#c0c0c0 SIZE=1>

<FONT color=#636563 size=1>

© 2004 My Bank, Inc.  All rights reserved.   -  <img src="http://www.mybank.com/img/disclosure/equalhousinglender.gif" width="14" height="9">

                    Equal Housing Lender  -  Member FDIC</FONT> </FONT></DIV></BLOCKQUOTE></DIV></FONT></FONT><BR><BR>

</td></tr></table>

</span>

</td></tr></table>

</td>

</tr>

</HTML>

funny thing is that the whole thing looked quite authentic, logo and all and seemed to direct to the bank web site...What makes this odd is that the attempt to defraud me was only the prelude to other mischivious spam informing me of my credit cards being charged and hundreds of spew I now recieve daily...This is why I am sticking to my initial hypothesis that the overall attack was targetted and not random...The above e-mail refered to my name and my banking information very precisely... :huh:

Link to comment
Share on other sites

...This is why I am sticking to my initial hypothesis that the overall attack was targetted and not random...The above e-mail refered to my name and my banking information very precisely...

The only way you may be 'targetted' is if you have opened some of these emails. There are web bugs inside that tell the spammer someone has actually looked at the spam. Since most savvy people do not even open spam (or indeed any unexpected email), opening a scam email puts you on the list for people more likely to fall for the scam.

Another way that you could be targetted is that you made someone mad off line who then signed you up for all kinds of unsolicited email. But the spammers themselves rarely 'target' a reporter any more. Occasionally one will send off a nastygram or sell your email address to a particular nasty list, but if they target anyone it is the web site of the anti-spam people like spamcop.

There are hundreds and thousands of people receiving these bank and credit card frauds. People who don't even know what PayPal is get the PayPal scams. People that don't have credit cards get the credit card scams. I have seen several of your example in the .spam ng. They send the same letter out to all the email addresses they have. If you put email address in google, you will see all the different places on the web where spammers can 'harvest' it. My email address was only in two places, but that was enough to eventually get 70-80 spams per day.

Did you read how many emails the Buffalo spammer sent out? That was not targetted. Identity theft is a growing problem on the internet. If you google, you will find lots of references. People even fall for the Nigerian scams.

You will be very ineffective as a spam fighter if you persist in thinking that you were singled out by the spammers.

Miss Betsy

Link to comment
Share on other sites

will re-post if it turns out to be a real concern

Not quite as bad as first thought *only* the old replica site thing but it was a total replica (all links functional, 'genuine' logs. etc.), dragged down from the real bank website and the email carried 'genuine' logos. Actually, I understand there were several banks used. The little "glitch" was the site being overloaded by people being duped (it pressed their "buttons" - 'We are informing you that today, the amount of $719.00 AUD has been drawn out of your account.'). The only undoing of these "phishers or worse" was they were targeted but using an old list including people who had closed accounts and they sent multiple copies. This was regional but previous instances have sometimes been followed up in other regions. One report:

Sydney Morning Herald

This one used "forms" method to link from email (example, more than one bank) <FORM action=(a URL) method=get><A href="http://www.commbank.com.au"><INPUT ... type=submit value=http://www.commbank.com.au> </A></FORM> [the bank URL is genuine, the other was (http://)aicworld.info/netbank.htm], one email example came from our old friends at Comcast - 68.44.173.151 is pcp05892687pcs.glst3401.nj.comcast.net

The point is, this was far more sophisticated than that in the initial post, it looks like it caught many people *despite* similar being used before and bank customers warned ("they" just keep raising the bar). I'm sure its easier to scam in Australia than in many places (Federal Police and banks appear largely uninterested when it comes down to it) but that's just a detail - and why Australia is something of a proving ground before exporting these schemes. The cruder versions simply play into the hands of the real pro's who are grossly underestimated by comparison.

Link to comment
Share on other sites

I have reported similar spam/scam to the actually bank involved too
Good for you dhanna, exactly right - if everybody did the same there would be less of a problem (not to imply other SpamCop members do less than their utmost either)
Link to comment
Share on other sites

Why are you (apparently) accepting HTML email
Good call yourbuddy, exemplary caution - no real excuse in my case beyond poverty, inertia/sloth and an aversion to being pushed around. My (elderly) client doesn't give me the option for received messages and I am not going out of my way to support Mr William Gates' quest to own the universe by "upgrading" (would need to replace PC too) - besides 'monoculture' is *really* dangerous which I imagine none here would contest (MS not necessarily part of the email client equation but I will put it in). Anyway, I occasionally get real mail amongst the spam that uses HTML to useful effect and the spammers don't quite rule my life yet. The virtual death of HTML in emails - another casualty of the spammers? Probably, but we managed well enough without it for a long time, didn't we.

Anyone notice all the spelling and grammatical errors in the email
Didn't look at the full original content myself (in fact I didn't get a personal copy, my son did) - that's reassuring if they still lose credibility on that score, or are you talking about dhanna's example? The two are very different.

[Added on edit] The later case had the simple message:

"Dear user!

We are informing you that today, the amount of $719.00 AUD has been drawn out of your account.

Technical assistance of NetBank Bank."

+ form "button" link displaying actual bank URL (NetBank is apparently the Commonwealth Bank's internet branch)

The language is just a little "off" but close enough to fool many. Lord help us if these people ever recruit somebody who has actually worked in commerce or industry to write their text.

Security report - Auscert Description

[end edit]

Link to comment
Share on other sites

the real pro's who are grossly underestimated
Ok, I'm going to have to take this back, in relation to the lot I was talking about anyway. And yes, it *is* funny. Latest report, the same phisher (or whatever) sent out another email Tuesday (today), this one a fake notification that one's PC is infected with Netsky.b, follow the link to the helpful disinfection service (Symantec). Only instead of a fake AV URL, *he left the fake bank link in* (which has been shut down of course). So, I guess Merlyn's Rule 3 applies after all - Spammer Rules
Link to comment
Share on other sites

talk about funny spam, this one had all the links labeled as <<LOL>> do they really make business with such abuse? :angry:

Hi,

We are back with more offers, more everything.

For this week, we have GENERIC VIA[G]RA for an incredible price.

Only $1.80 a dose and 15 free pilIs.

Viagra is the world’s best seller for sexual improvement. Use it if you want a long lasting

Never seen before performance. Use it if you have some sort of erectile dysfunction.

You don’t need prescriptions.

We are #1 online pharmacy, delivering right into your door.

We can supply you with these fine medicines, rest assured that your data is kept

strictly confidential. And by the way, here’s our prices for this week:

Click in “LOL” to view our special prices for you. FREE WORLDWIDE SHIPPING*

(Prices guaranteed for this week)

Sexual Improvement

Generic Viagra only $1.80 a dose. And you get 15 pills free! LOL

Levitra(Faster than Viagra) only $5.99 a dose and free Kamasutra e-book! LOL

Be all you can be for three days! Cialis! only $3 a dose and you get 10 pills free! LOL

Penile Improvement

Women do care! FDA approved penis enlargement pills. MAXAMAN. $49.95 per bottle! LOL

No pumps, no pills! Virility Patch! $42.95 per box and free Kamasutra e-book! LOL

Hormonal Treatment

Super HGH(Human Growth Hormone) only $63 per bottle! LOL

(Click to know more about HGH. Improve your life, man and women)

Anti Depressives

Generic Prozac only $1.65 a dose! LOL

Weight Control

A modern way of losing weight with FatBlast! only $30 per bottle! LOL

Take care of your health.

Click one of our offers and see what people think of our products.

Visit our forums! See what people think of our services!

You can be sure, we are timely, confident and… cheap!

Also, our policy clearly states: 100% money back guarantee!

Best Regards,

Linda Random

Free Worldwide Shipping restrictions may apply. Click the offer to know more about it.

We respect your right for privacy. If you don’t want to receive e-mails anymore, click the word “Michael” below:

Michael

Link to comment
Share on other sites

talk about funny spam, this one had all the links labeled as <<LOL>> do they really make business with such abuse?
The simple answer is "Rule 3" - (Merlyn's "Spammer Rules" - when whoever's playing with it finishes, hopefully)

Most likely, if they're doing anything at all (apart from being dupes for an "affiliates" scam), they're just trying to inveigle respondents to whom they can download subversive malware to generate yet more spam or worse [thanks to others for setting me straight on the (not) e-commerce aspects of spam] - as if they are really marketing actual mail-order prescription pharmaceuticals (in contravention of the laws of virtually every nation on earth), as if you would be silly enough to give your credit card details to people like this, as if you would ingest anything they might send you, as if it would make it through customs if they ever sent it, as if it would make it through the respective postal services ...

I really *can* see the funny side of this stuff but I also have this recurrent nightmare they might (even inadvertently) do something really clever one day. There's an old saying about probability - a billion monkey-years of random keyboard input will produce at least one error-free copy of the complete works of Shakespeare (or some smart infectious spam/worse). Considering <obsession> when the MS 'monoculture' is taken into account </obsession> the target's not the complete works any more - just (say) Sonnet 67 ("Ah! wherefore with infection should he live, / And with his presence grace impiety, ..."). I need my teddy-bear now. ;-] ;-[

Sorry dhanna, I keep getting unfunny. I promise to leave any further of your humour postings alone ...

Link to comment
Share on other sites

I wonder if anyone else is geting this type of strange spoofing:

Received: (qmail 14413 invoked from network); Fri, 09 Apr 2004 19:22:22 +0500

Date: Fri, 09 Apr 2004 17:29:22 +0300

From: McAfee E-mail Gateway <antivirus[at]yahoo.com>

Subject: Wrong address, subject to non-delivery

In-reply-to: <20040330185343.3361B3965[at]sitemail.everyone.net>

X-Sender: antivirus[at]yahoo.com

what purpose does it serve? :(

Link to comment
Share on other sites

I wonder if anyone else is geting this type of strange spoofing:

Received: (qmail 14413 invoked from network); Fri, 09 Apr 2004 19:22:22 +0500

Date: Fri, 09 Apr 2004 17:29:22 +0300

From: McAfee E-mail Gateway <antivirus[at]yahoo.com>

Subject: Wrong address, subject to non-delivery

In-reply-to: <20040330185343.3361B3965[at]sitemail.everyone.net>

X-Sender: antivirus[at]yahoo.com

what purpose does it serve? :(

Two possibilities:

  • Try to get the spam past some whitelists.
  • Try to get the spam victim to read the spam and fork over cash.

Link to comment
Share on other sites

thanks Jeff...

I have seen a lot of this

<style type="text/css">

<!--

  /* avoid stupid IE6 bug with frames and scrollbars */

  body {

      voice-family: "\"}\"";

      voice-family: inherit;

      width: expression(document.documentElement.clientWidth - 30);

in the source of my spam, sounds like a "stupid" statement.....I just don't get it!
Link to comment
Share on other sites

Why are you (apparently) accepting HTML email.

HTML is inherently dangerous, just use Plain Text.

Anyone notice all the spelling and grammatical errors

in the email. If it's from a bank, they sure are ignorant.

I'm not, it was in my held mail folder here on spamcop. It displayes the breaks and all.

Link to comment
Share on other sites

I have seen a lot of this
<style type="text/css">

<!--

  /* avoid stupid IE6 bug with frames and scrollbars */

  body {

      voice-family: "\"}\"";

      voice-family: inherit;

      width: expression(document.documentElement.clientWidth - 30);

in the source of my spam, sounds like a "stupid" statement.....I just don't get it!

Wow - cascading style sheets in spam. Now they're getting *really* pretentious. Know nothing about it myself, but if I really wanted to find out how stupid or otherwise any scri_pt was, I guess I would start at somewhere like The Complete CSS Guide

Nothing to worry about AFAIK in terms of what it does, just layout/appearance stuff when viewed in native (HTML) mode. And, as many caution, Miss Betsy and yourbuddy among them, *don't* view.

Link to comment
Share on other sites

talk about funny spam, this one had all the links labeled as <<LOL>> do they really make business with such abuse?

No, the wanneberich who bought the spamware and don't know how to work it do not make any sales. And it might not even be their fault it doesn't work. It may be shoddy software.

Yes, the people who exploit the wannaberich by promising them easy money by selling them spamware are making good money.

Miss Betsy

Link to comment
Share on other sites

... the wanneberich who bought the spamware and don't know how to work it do not make any sales.

How true - one of the recurrent spams I see has a link which SpamCop never resolves. Why? It is quite obvious to a human that it is misspelled. A check on whois.biz confirms that, it seems most likely, is the case. Yet this stuff just keeps on coming in its utterly pointless profusion, day after day. And even if it did work, surveys apparently show that few have any actual sales mechanism attached to them. Back to Rule 1, always Rule 1.

Link to comment
Share on other sites

And, as many caution, Miss Betsy and yourbuddy among them, *don't* view.

not to worry, the html is checked for bugs and viruses before I even see it...in fact most of it is blocked...it goes to my admins and it is carefully filtered...thanks god for that...since I complained about spam and viruses they took some serious action...they study every one of my spams and block them...Talk about good business practice!

Link to comment
Share on other sites

Anyway, it's not just spam that is sometimes funny in this business. I mentioned this once (in passing) in the Help forum already but it tickles my sense of whimsy everytime I see it:

0 User(s) are browsing this forum (0 Guests and 0 Anonymous Users)

0 Members:

Link to comment
Share on other sites

this spammer is going though a lot of trouble to prove his sense of humor

Received: from 6.3.102.240 by 141.158.80.212; Sun, 11 Apr 2004 15:10:28 -0300

Date: Sun, 11 Apr 2004 19:09:28 +0100

From: Forrest Olsen <OYRKHDTECZVWUF[at]yahoo.com>

Subject: LOL

...or lack thereoff!

Link to comment
Share on other sites

Subject: LOL

Maybe he (refuse to believe "she"s do this stuff, despite the preponderance of feminine aliases) means "lots of love", surely the context was an earnest endeavour to "improve" some or all aspects of your love life? At least while he's sending out this garbage *he's* not breeding. ;-)

[added] And what's more they're reading this forum and trying hard to accommodate us! - see the bottom of message in Last spam - if you can get over the incongruity of reading this stuff voluntarily.

Link to comment
Share on other sites

Maybe he (refuse to believe "she"s do this stuff, despite the preponderance of feminine aliases) means "lots of love",

..indeed, it was a spam selling viagra or some other enlargement pills, I thought it meant laughing out loud...I get 50-200 of that spam every day, some asked me if I had a good weekend or the like...they surely serve no money making scheme...

..in another post whazoo was asking if I try to get in the spammer's mind...maybe I do, I used to think that most actions serve some purpose...I am starting to change my mind.. :angry:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...