Comments on: Website Advertising Enquiry Spam

By: Tori

Tori — Wed, 27 Feb 2008 14:49:50 +0000

From what I have read, this is actually a new-fangled version of the Nigerian 419 scam. They send you a check for the price that you quote them, and add an extra thousand or so. Then to remedy the “mistake”, they ask that you wire the overpayment back to them. Your bank finds out the check is fake or stolen, and you are out a great amount of money.

You can read about it here:
http://www.f-secure.com/weblog/archives/00001372.html
and
http://www.hoax-slayer.com/website-advertising-enquiry-scam.shtml

Hope these links are helpful to someone looking for information on this subject.

By: Dave

Dave — Wed, 27 Feb 2008 13:55:45 +0000

Update –

After making the affected domain “private”, the spam has now 100% quit after about 2 weeks. So that’s the solution I guess.

Dave

By: KauaiMark

KauaiMark — Sat, 23 Feb 2008 17:54:01 +0000

“…
Hello,

We have reviewed your blogger.com blog on behalf of one of our
clients that would be interested in placing advertising with you.
…”

The one I got didn’t even include a “name” just “Hello”. It didn’t reference my blog just the generic a “blogger.com” label.

What incompetent spammers!

…Mark

By: Dave

Dave — Wed, 13 Feb 2008 11:26:20 +0000

I went in the other day and made the domain private that was affected. I’m getting way fewer now, but they all say ($name) where where the web address used to be. That’s interesting. I’m wondering how the data was originally read?

By: Dave

Dave — Fri, 08 Feb 2008 01:52:16 +0000

I just went in for the domain that seems to be targeted and made it private. I’ll be curious to know if the spam will subside…

By: Fatih

Fatih — Thu, 07 Feb 2008 01:03:06 +0000

I received this spam and I must admit that I started typing a response, then I decided to check the message header. If you’re reading this then you probably guessed it looked fishy. The e-mail I received used the name “Jason Miller” like the screen grab above, but sender’s name was “Richmal Wiggins” with an e-mail address of “bond_marketing@yahoo.com”. I did a search and came upon this blog entry which quickly confirmed my suspicions for sure. Thanks for the tip off!

By: Dave

Dave — Wed, 06 Feb 2008 13:29:25 +0000

I get a kick out of examining them. First, you will see the FROM name doesn’t match the name in the return email address or the alleged writer of the email (usually some non descript Anglo name like Edward Johnson or Jason Miller). Also, the header shows they all come from places like RUSSIA or through open servers here in the U.S. What is odd is they are all targeting my email contact for only one specific site where I am the Admin in the WHOIS and not to my email addresses for the hundreds of other domains I own. Therefore, I do not believe their goal is to collect email addresses. Just by virtue of the fact my email is on a domain WHOIS indicates it is a valid address. It is more conceivable that they are part of a much more elaborate phishing scam to lure people into paying for something down the road, such as a revolving banner or the promise of ad revenues on your site of thousands of dollars but you need to wire a few hundred by Western Union (they primarily use WU because it is virtually untraceable) first.

By: Anonymus

Anonymus — Fri, 01 Feb 2008 22:55:07 +0000

I add the header info on these to my block filters.

By: Beth

Beth — Fri, 01 Feb 2008 04:50:27 +0000

I received quite a few of these today but since they went to my personal email address and not my biz email I had a feeling it wasn’t legit. Thanks Ros, I’m so glad you said they were phishing emails.