Archive for category Spams and Scams

Why won’t Facebook let us report bogus profiles/contests?!?!

I ran across a fake Southwest Airlines Facebook profile today promising to give away all-inclusive vacation packages to 30 entrants:

SouthwestScam

(note how the profile name has a period after the first word: “Southwest. Airlines” – that’s how they make it look like Southwest’s own profile page as much as possible)

I hate to see my friends taken in by these fake contests.  I don’t know the exact angle for these scams – how do they benefit from creating fake contests except to get many Facebook accounts to “Follow” their fake account?!?

Like a good Facebook citizen, I want to report the fake profile to Facebook so they can review it, determine that it’s fake, and then take it down.  Hmmm… how do we do that?  Oh, I know.  Click on the profile’s page, pull down the “…” option menu, and click on “Report Page”:

SouthwestScamReportButton

Once I click on Report Page, I’m given several options, including the obvious: “It’s a scam”

SouthwestScam1

Click on Continue, and I get another list of options:

SouthwestScam2

Two options: “Block Southwest. Airlines” and “Hide all from Southwest. Airlines”.  WHAT?!?!  Where is “Report to Facebook for review”???

Facebook: Why have you REMOVED the most obvious and most useful option for people to report scams to you???  Instead of letting you review the post or profile directly, you simply want users to stick our heads in the sand and hope the problem goes away.  Who gives a shit about our friends and others that might fall victim to this scam, right??

ABSOLUTELY LAME FACEBOOK!!!

 

Stupid hackers in the Ukraine

What do these people think?  I’m gonna let them hack me?  Here’s the first few log entries (out of over 1400 right now) showing some idiot in the Ukraine who is trying to hack THIS BLOG!?!?

www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:15 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:17 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:18 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:20 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:22 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:24 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:25 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:27 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:29 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:31 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:32 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:34 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:36 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:38 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:40 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:41 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:43 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:45 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:53 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:46:55 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:47:00 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:47:01 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146
www.stupidityexposed.com 178.137.84.60 – – [05/Jul/2014:09:47:03 +0000] “POST http://stupidityexposed.com/wp-login.php HTTP/1.1” 200 3146

Hey idiot – GET A LIFE!!!

 

Beware of Bell Domains!

I just received a (spam) email from info@automaticdomains.com telling me that they were offering a variation to a domain name for sale and that “it would make an excellent addition to your existing” [collection of domains].  When I tried to reply to the email, I received the following response:

This email address is not monitored. Please contact us at info@belldomains.com.

(I hope someone is scraping these email addresses?!?   :o)

First of all, they don’t even own the domain name they were trying to sell me (no one does!):

D:\>whois RECYCLETOTHERESCUE.COM
[whois.internic.net]

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for "RECYCLETOTHERESCUE.COM".
>>> Last update of whois database: Thu, 08 Mar 2012 14:11:52 UTC <<<

Anyway, if I click on the link in the email, I’m taken to the belldomains.com web site.  When I went to their main page, it asks “Did you receive an email from us? Enter the domain below to see if the domain name is still available.” and prompts me for a domain name.  I entered a domain that I knew didn’t exist (like “belldomainssucksbigtime.com”) and I got this interesting response

I get a kick out of how it says “It is listed as a premium domain name and is expected to sell quickly.“!!   :o)

It probably doesn’t reflect too well on the “Domain Name Owners Association (DNOA)” that Bell Domains claims to be a certified seller either.

 

Intrust Domains (a.k.a Domain Match Makers) tries to sell domains it doesn’t own!

I received a SPAM from Intrust Domains (apparently an ICANN Accredited Domain Registrar) today.  It’s bad enough that they are using the WHOIS database for commercial purposes (a use which is explicitly prohibited by ICANN), they were trying to sell me a domain they don’t even own!  Here’s the email:

Intrust Domains spamThe first thing you should notice is the use of a “throw away” domain (MASRECARGA.COM in this case) throughout the email – a CLASSIC SPAM TECHNIQUE.  By using “throw-away” domains like this, they hope that anti-spam tools won’t label the email as spam since these domains are usually fairly new.  Plus, it protects their primary domains (dnipremiumnames.com and intrustdomains.com) from complaints to their ISPs since the primary domains are not actually listed in the SPAM emails.

Secondly, the domain they are offering me happens to be in the “deletePending” state as reported by whois.internet.net.  At this point, only moniker.com has any control over the domain if anyone!  I don’t see any business link between Moniker and Intrust Domains.

Even the email headers show evidence of SPAM techniques, proving they know that their marketing practices are illegal:

Return-Path: <arthur@MASRECARGA.COM>
Received: from worldtaxpages.org (def.wtsuk.net [208.87.24.149])
by xxxxx.xxx (8.14.4/8.14.4) with ESMTP id oBLD2Fg7014437
for <domainadmin@xxxxx.xxx>; Tue, 21 Dec 2010 13:02:15 GMT
Received: from art.names.org (art.names.org [192.168.1.22])
by def.wtsuk.net (8.14.3/8.14.3) with ESMTP id 338
for <domainadmin@xxxxx.xxx>;
Tue, 21 Dec 2010 07:46:59 -0500 (EST)
Date: Tue, 21 Dec 2010 04:46:59 -0800 (PST)
From: Arthur Simmons <arthur@MASRECARGA.COM>
To: "domainadmin@xxxxx.xxx" <domainadmin@xxxxx.xxx>
Message-ID: <20101221.1292935619499.67347241@def.wtsuk.net>
Subject: XXXXXXXXXXX.COM
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_35689_32767277.1292935619497"
User-Agent: Thunderbird 2.0.0.23 (X11/20090825)
  1. They didn’t send the email from their own server/network (the ones associated with intrustdomains.com or dnipremiumnames.com, which are both apparently hosted in Panama?!?), again to avoid the complaints to their ISPs.
  2. The domain ‘wtsuk.net’ is owned by Intrust Domains.  Interesting to note that the several hosts I could find on that domain are on IP addresses all over the world (another good sign of a spammer).
  3. The HELO name doesn’t match the reverse lookup of the host delivering the email.  Typical spammer oversight.
  4. The second Received line seems to implicate another domain owner from Portugal (whether it’s forged or not).

I also found it odd that if you do a WHOIS on ‘dnipremiumnames.com’, their WHOIS server (since they are the registrar for their own domains) seems to intentionally block the request, yet all other requests for domains registered thru them works fine.

When you click on the link in the email, you’re redirected to their main site:

Intrust Domains

You’d think they had self-confidence issues with all the “Trust Guard” badges they had to buy to attempt to make their web site look legitimate!?

Trust?!?  I don’t think so!!  Spammers??  DEFINITELY!!!

Stupid PayPal scam for stupid victims

Wow!  Talk about stupid.  Here’s a new scam for people who want to scam other people!  (actually, it’s a new twist on an old scam)  This  guy claims to be posting a “How to Hack into PayPal” blog entry.

http://howtohackintopaypal.blogspot.com/2009/04/how-to-hack-into-paypal-easily.html

(I don’t now how long the blog will actually be available?)

They claim you can get info on someone else’s PayPal account by using a “special email address” and by formatting your email just the right way!  They claim this works with any target PayPal account that uses Yahoo! or Hotmail account.

What they’re really doing is betting on the greed of the victim and having them send their own PayPal email address and password (along with the “target’s” PayPal email address) via this special email in order to “fool” the PayPal email processing system into giving the victim the account info for some other PayPal account.

I can’t say I’d feel too bad for the people who are dumb enough to fall for this scam because the premise is that they (the real victim in this situation) are trying to illegally obtain information about someone else’s PayPal account.

Don’t worry people – there’s plenty of stupid to go around…