Thursday, May 19, 2016

HP Scanjet Virus / Scam / Malware

Today I got this scam email below. I Googled some of the text in the document and found this good article here about the dangers of opening the file that was sent to me:

https://myonlinesecurity.co.uk/spam-malware-scan-d34d94c50b_d8b8aad5ba-hp-scanjet-pretending-to-come-from-your-own-domain/

Regarding the email that was sent to me, the 'from' address was:

qwer0@bridgecatalog.com

Note: that is MY domain name, but they spoofed it so that it looks like it came from my server. It didn't. It really came from here: alshamil.net.ae / etisalat.ae. That's a Middle Eastern email provider.

///////////////////////////////////////////////////////

Subject line:

Scan  #B545F39BB7_CA32312544

///////////////////////////////////////////////////////

Body of message:

Scanner:
Scanner id: B545F39BB7_CA32312544
Scanner Program: HP Scanjet 300 Flatbed Scanner
Software ver. #8901766876.#92274432.#0092133
File: MSG0008789308
To: [my email address]


------------------------------------------------------------
Save time with fast scanning speeds and intuitive controls.
Set up quickly, using a single cable. Enjoy high-resolution
document detail. One-touch scan-to buttons let you start
working and sharing fast. Place this compact scanner almost
anywhere.
------------------------------------------------------------


///////////////////////////////////////////////////////

The attached malware file is named:
msg0008789308.docm



///////////////////////////////////////////////////////

Here is the raw header:

Content-Type: multipart/mixed; boundary="------------039084853536147527459673"
Mime-Version: 1.0
X-Smartermail-Spam: SPF_SoftFail, Spamhaus - PBL2, UCEProtect Level 2, Commtouch 0 [value: Unknown], ISpamAssassin 0 [raw: 0], DK_None, DKIM_None
Return-Path:
Return-Path:
Received: from bba429025.alshamil.net.ae (bba429025.alshamil.net.ae [83.110.239.19]) by pacu.viviotech.net with SMTP; Thu, 19 May 2016 08:50:53 -0400
X-Smartermail-Totalspamweight: 19
X-Ctch-Refid: str=0001.0A090203.573DB6A5.00EF,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Message-Id:
SPAM-MED:  Scan  #B545F39BB7_CA32312544


When I put in that domain (alshamil.net.ae, the true sender of this message), I'm redirected to this site:

http://www.etisalat.ae/nrd/en/index.jsp


Do not open the above message or any message that resembles it.
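
An added example, not part of the original post: a small Python triage that reads the header above and reports the signals that give the spoof away (the relay in the topmost Received line, the SPF/DKIM verdicts, the macro-enabled attachment). The header lines and the From address are the ones shown in the post; the To address, the stub body and the finding labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header lines copied from the post, From is the spoofed
# address it quotes, To is a placeholder, the body is a stub with no payload.
RAW = '''Content-Type: multipart/mixed; boundary="------------039084853536147527459673"
Mime-Version: 1.0
X-Smartermail-Spam: SPF_SoftFail, Spamhaus - PBL2, UCEProtect Level 2, Commtouch 0 [value: Unknown], ISpamAssassin 0 [raw: 0], DK_None, DKIM_None
Received: from bba429025.alshamil.net.ae (bba429025.alshamil.net.ae [83.110.239.19]) by pacu.viviotech.net with SMTP; Thu, 19 May 2016 08:50:53 -0400
From: qwer0@bridgecatalog.com
To: owner@bridgecatalog.com
Subject: Scan  #B545F39BB7_CA32312544

--------------039084853536147527459673
Content-Type: text/plain

Scanner id: B545F39BB7_CA32312544
--------------039084853536147527459673
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="msg0008789308.docm"

(constructed stub, no payload)
--------------039084853536147527459673--
'''

MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm")  # macro-enabled Office formats
HOP_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def domain_of(header_value):
    """Lower-cased domain part of an address header, '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def triage(raw):
    """Return the set of spoofing indicators found in one raw message."""
    msg = message_from_string(raw)
    found = set()
    from_dom = domain_of(msg.get("From"))
    if from_dom and from_dom == domain_of(msg.get("To")):
        found.add("from-domain-equals-recipient-domain")
    # Only the topmost Received line is written by the receiving server;
    # anything below it is supplied by the sender and can be forged.
    hops = msg.get_all("Received") or []
    m = HOP_RE.search(" ".join(hops[0].split())) if hops else None
    if m and from_dom:
        host = m.group(2).lower().rstrip(".")
        # Weak on its own (hosted mail uses other relays); strong with SPF.
        if host != from_dom and not host.endswith("." + from_dom):
            found.add("relay-outside-from-domain:%s[%s]" % (host, m.group(3)))
    verdicts = {v.strip().lower() for v in msg.get("X-Smartermail-Spam", "").split(",")}
    if "spf_softfail" in verdicts:
        found.add("spf-softfail")
    if "dkim_none" in verdicts:
        found.add("no-dkim-signature")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTS):
            found.add("macro-attachment:" + name)
    return found

if __name__ == "__main__":
    print("\n".join(sorted(triage(RAW))))
```
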

Saturday, March 28, 2015

Scam alert: Import and Export. INC bensonthomas102@gmail.com

This is a scam:

bensonthomas102@gmail.com

Dear Sir,

Attached is our payment order from the bank.

Kindly reconfirm your account details in the attached file to enable us complete the transfer next week

Regards
Admin
Bearlight Industrial  Chemical Co. Ltd.
Room 1004, One Mongkok Road commercial Centre,
No. 1, Mongkok Road, KLN, Hong Kong,
tel: 852-23081217, fax: 852-23949989,

Tuesday, March 24, 2015

Anti-virus scam for 1-855-383-8420



My friend recently called me in a panic: her computer was making a loud screeching noise and her screen was telling her not to touch anything but rather to call this "Microsoft" tech repair number.
This was a scam. The entity creating this screen and noise was running a scam to get people to pay for anti-virus software.
Below is what the screen looked like. Don't fall for this. This is the number they told her to call:
1-855-383-8420

You can Google this telephone number and you'll find similar horror stories about this company.

The screen says:
The page at alert.norton.com.ok-po-alert.com says:

* * * Computer Health Alert  * * *
Your Browser Detected Security Error. Due to Suspicious Activity Found on Your Computer. Contact Microsoft Certified Live Technicians
1-855-383-8420 (Toll-Free)

The screen also says the computer is infected with "Trojan" and "SpyWare.bot". That was not true.


After calling, they try to get you to subscribe to their bogus services.


Wednesday, December 10, 2014

Spam alert: James Thomas

Received this spam today.

Date: December 10, 2014 at 3:57:40 PM EST
Subject: order
From: James Thomas
To: James Thomas

I am making inquiry if you ship internationally but specifically to our location here in Madagascar.In addition, I would like to know if you accept credit card payment and it will be appreciated if you return to us by email.

Regards

James Thomas

Thursday, July 18, 2013

Spam alert for Jerom Anderson

likely spam / phishing:

My name is Jerom Anderson and this order is an individual order and i like to make a purchase of [insert item] and i will be more happy if you can email me with the types and prices that you have for sale as well........Please let me know if you do accept credit card as a form of payment, and that will be pick up at your location....Hope to read back from you soon..
Kind Regards

Jerom Anderson

mail came from: 
Jerom White
subject line:
Order Needed

Tuesday, December 4, 2012

Spam alert: Konstantine

I received a 'comment' today on my blog that was in fact an effort to boost someone else's website.
The message is below. In his original post, this text "website design company new york" was a link to his website. 

In sum,
Konstantine [last name removed] may be a spammer.
And same goes for the company that he's apparently involved in.


Konstantine ********************* has left a new comment on your post "Sustainable Decorating for Table and Home":

Hi,

Wow!

Truly a great post.

Thanks for such a great information. In these days its hard to find a honest blog about website design company new york

Wednesday, November 7, 2012

Spam / scam alert


Likely spam:
From: Randy Richard


My name is Randy Richard and this order is an individual order and i like to make a purchase of (Plate Stands) and i will be more happy if you can email me with the types and Prices that you have for sale as well........Please let me know if you do accept credit card as a form of payment, and that will be pick up at your location....Hope to read back from you soon..
Kind Regards
Randy Richard 

Spam / scam alert

Received this email today and it's likely spam/scam:

From: DUKE WHITE


Dear Sir/Madam,
 Am Mr. Duke White and i will like to  place an Order
regarding
 the Allee Royale Medium Melon Bowl 
from your store or Company.Do you  u have
this unit in stock now? If so ,you mail me the types  and prices range
for some three common ones. Also, What types of Credit
Cards do you admit for Payment?waiting for your email soon
Regards
duke. 

Monday, January 9, 2012

Spam / phishing alert for Thomas Kevin


Received this message today. Likely spam or phishing:


From: Thomas Kevin
Date: January 9, 2012 8:31:26 AM EST
To: undisclosed-recipients:;
Bcc: jason@solarek.com
Subject: Order

Hello,
  Am Mr.Thomas Kevin  and I will like to place an Order regarding Tableware.What is the cost price per each?what type do you have in stock,And also what type of credit cards do you accept for payment, hope you answer to my request ASAP.


Regards
Thomas  ..

Monday, December 19, 2011

Spam / phishing alert for Tom Parker / Cyprus / California, US.

I received this e-mail today and it's most likely a spam / phishing scam:


From: "Tom Parker"
Date: December 19, 2011 2:38:44 AM EST
Subject: Order



I would like to place an order with you to Cyprus, but I am located in California, US. I am wanting to know if you can ship direct to Cyprus, but if not, i can handle pick up from your door step. Also, let me know what type of Credit Cards you accept for payment. {Visa / MC / Amex / Discovery}.

Looking forward for your swift email response & Kindly attach your current price list sheet or direct website link to your full product page.

Kind Regards,
Tom....

Monday, August 1, 2011

Spam alert: Russian Federation Order! from: nabokovent@blumail.org

This is likely spam/phishing:


Hello,

I will like to place order on some items in your store. Kindly tell me if you accept VISA & MASTER CARD as a form of payment and i will also like to know if you ship down to Moscow, Russia. Furthermore, I will be glad if you can email back with the current price sheet and the list of items you have available in stock at the moment or a link to your website where i can find prices on each products.


Your total effort on my order to be completed would be dearly appreciated!


I can't wait to do business with your company.

Best Regards,
Andrei Nabokov
Owner.



Nabokov Enterprises.
Address: Povarskaya ulitsa 80,
Moscow 121069, Russia Federation.
e: nabokovent@blumail.org
web: under construction

Monday, July 18, 2011

Spam alert: "Order from Greece." / from: Robert Corwin

I received this message today. This appears to be a phishing scheme to strike up a conversation about buying something, and then that may lead to hijinks. If you receive this message, be wary.

........................

Hello Sales,

I am interested in purchasing some of your products, I will like to know if you can ship directly to ATHENS, I also want you to know my mode of payment for this order is via Credit Card. Get back to me if you can ship to that destination and also if you accept the payment type indicated. Kindly return his email with your price list of your products..

I await your quick response.

From the desk of Purchase manager,

CPT CONCEPT INTL.
Address : Ialyssos Zipcode : 85101.
City : Rhodes,Greece.
Phone : +30 22410 0000

Friday, March 25, 2011

Phone scam by Steven Bradley 1-800-650-5124 Caribbean Cruise

I received a suspicious call today, and then did some research and found out it's a sales scam.

A person named "Steven Bradley" called and said that since I had purchased something at [insert name of any retailer], I was entered in a drawing and won.

He said that the store I bought something at had given him my name. I called the store after my call with "Steve", and the owner of the store said that they had not shared my name. (I know the store owners well.)

What this sales person had really done was do a search on the Internet, and found that my name is associated with a domain for a store. What was really happening: there was no contest. The store had not given Steve my name. This was a cold call, a sales call, and this guy was lying.

Steve said that I was very lucky to win.
He then offered to go over details.
He told me I had won a 75% discount.
He said I was hand selected.
He mentioned First Class Vacations. Carnival Cruise Lines.
He said less than 1% 'selected'.
He said due to tremendous savings, they are extremely limited, and must "keep it to one call." aka: high pressure sales technique. They are giving an excuse to make you decide in a hurry on the phone.

Cruise was for 8 days. "Any caribbean location", including St. Thomas.

He insisted I buy the package right there, after 30 seconds. I sensed it was a scam, so I acted very interested, and pleaded to call him back so I could in fact track down this dirt ball. He then gave me his phone number: 1-800-650-5124
ext 314
and name:
Steven Bradley
note: this name could be an alias.

In sum, these companies do a search on a person's name, get some info related to you, then lie and say whatever source they found associated with you has given them your info, and they use this to build trust. Then they act like you 'won' something when in fact it's a plain sales call.

Tuesday, August 3, 2010

Your computer allowing 3rd parties to spy on your every click


A program on your computer called Adobe Flash is collecting all your computer actions in files that are hidden from you, outside of your browser, and selling this info. It can track your keystrokes, what you look at online, health sites you visit, etc. Essentially, it can watch anything you do.

The Wall St. Journal has written about this the past two days.

Notably, these are not normal cookies. These are 'Flash' cookies. They are virus-like in that they regenerate on their own if you just choose to delete cookies.

To remove these tracking files, I went to this link:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Instructions on what to do on this Adobe page above are listed here:

http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/

Thursday, May 13, 2010

Spam alert for Garry Cole

I received this e-mail below today, and it's likely spam and a phishing scam.

From:
garryoffice2@gmail.com

Dear Sir/Madam
Am Mr.Garry and would like to order Picture Frame from your
store and would like to know the types and sizes you have in stock as
well as the prices and the types of credit cars that you take for
payment.Thank you and waiting to hear from you as soon as possible.

Regards
Garry Cole

Wednesday, January 13, 2010

Beware of fake tableware and fine china websites


I received a Google alert for my name "Jason Solarek", and noticed that my name was mentioned on a tableware website I'd never visited. I have no association whatsoever with this site. Yet, my name appeared on the site. Please see screen shot above.

I then visited the site, and realized this site is a sham. This is a site generated by robots that go out and comb the internet for certain keywords. The site then adds this data to its site, as if it were its own data and authentic. In this way, it appears that I visited this site and posted content on it. I never did. This is misleading, and false.

This is the fake site: http://www.noritake-tableware.com/gallery

I then took a look at the company on the Contact Us page. A warning sign was that the company says "Contact Us" but does not offer a phone number or address.

I visited the site for the company that designed the website.

http://www.19parking.com/

19parking.com creates bogus websites that clutter the internet.

They also have a Contact Us page without a phone number or address. A red flag is always a company without a physical address listed.

Tuesday, December 15, 2009

Reader "comments" on your blog can be spam

When you blog, you appreciate comments from readers. However, some comments may have alternate motives. Please see this comment below that I received. This is a generic comment, and is spam. These are sent out to millions of blogs. Sometimes, people are hired for pennies to tailor these comments and submit them individually to each blog.
These people are trying to embed links on my blog site. The link this person is seeking to embed is "It Solution", which is a hyperlink in his post. The person wants this because it can help the person's own site rank in a Google search for "It Search".
As such, I do not allow these comments on my blog.


From: saurabh
Date: December 15, 2009 6:23:08 AM EST
To: jason@solarek.com
Subject: [Website Design and Strategy for Home Goods Brands and Retailers] New comment on Luxury website design for Connecticut store.
Reply-To: noreply-comment@blogger.com

saurabh has left a new comment on your post "Luxury website design for Connecticut store":

this is really great stuff! very useful tips and innovative designs. what a great blog.....
(this is the link in his message:) "It solution"

Publish this comment.

Reject this comment.

Moderate comments for this blog.

Posted by saurabh to Website Design and Strategy for Home Goods Brands and Retailers at December 15, 2009 3:23 AM

Friday, September 4, 2009

Alert About Potential E-mail Scam to Phish for Customer Information

I received this e-mail today, and it's likely spam. This is similar to the other phishing schemes I've seen that mention a purchase and desire to pay before a product has even been chosen.



e-mail from:
tri3p@yahoo.com
Subject: information

Dear sir/madame,

I need your information if I'am order for your T-shirts product but for a small quantity
with delivery to Singapore and payment by t/t or credit card can you process or not.
Pls your comment as soon as your receive this e-mail and thank you for your kind
attention.-

Regards,
J.Richard

Wednesday, May 6, 2009

Purchasing inquiry e-mail a possible scam

We received this message below twice. It's possibly part of a purchasing scam to fish for e-mails or more. I'd be wary of messages like this.

from:
stelcomms@gmail.com

Hello,

I'm from Singapore and I want to order from you.
Could you ship worldwide to Singapore or Indonesia...???
Could you ship the item by FedEx Delivery...???
Do you accept credit card payment...???
I'm waiting for your next response today. Thanks and have a nice day.

Sincerely

Nicholas Tan

Thursday, February 26, 2009

Internet Scams: Fake Orders and Freight Company Inquiries

Below is an e-mail thread that tracks the evolution of a scam. It's from a Larry Wedge, who suggests he's a business person in Sweden. I became suspicious after he asked that I e-mail a very generic sounding address about getting freight charges. He then called me 3 times on Tuesday, and 3 times yesterday. After I sent him the e-mail asking for detailed info, he stopped calling. Notably, what number did he call from?

Larry's phone number: +233278525083

I looked it up, and +233 may be the country code for Ghana. Quite far from Sweden!

Wikipedia has a nice article about how these scammers string you along, and eventually get your money:
http://en.wikipedia.org/wiki/Internet_fraud

Stay clear.

.....................................

Hi Larry,
Thanks for the call this morning.
We need a few things here to move forward. I need this information to complete required paperwork here in my office. I appreciate your time on this.
1) What is your office telephone number in Sweden? Do you have a company website?
2) What is the name of the shipping company, its address, and its contact info?
3) Do you plan to use the messenger bags as gifts, to sell them in a store, or something else?

We appreciate your business.
Thank you,
Jason

On Feb 24, 2009, at 2:51 PM, larry Wedge wrote:


Hello
I will like to order 200 Qty of the bags@ $7,998 I will like you to contact (exportfreightco@gmail.com) with your store location, the total weight on the bags , the delivery address below and request for a freight quote. Please let me know how much it will cost me in totality to have these bags order and shipped.

Stortorget 2-4,SE- 831 30
Östersund (Sweden)

Kind Regards
Larry Wedge

--- On Tue, 2/24/09, Jason Solarek wrote:
From: Jason Solarek
Subject: Re: Special Order.......
To: larry.wedge@yahoo.com
Date: Tuesday, February 24, 2009, 4:14 PM

Dear Larry,
Thank you.
To confirm, you'd like this bag:
Correct?

Since you are ordering 200 bags, you are eligible for a special discount price.
Normal price:
Discount price:

We do accept credit cards. Credit card fees are not included in this discount
price, and credit card processing fees are added to the discount price. We
appreciate your understanding. We also accept checks, although this may take
longer to process.

How would you like to proceed, sir?

ps–How did you hear about us?

Thank you!

Jason


Jason Solarek


On Feb 23, 2009, at 2:04 PM, larry Wedge wrote:

>
> Thanks for your reply ,And i went through your website and i will like to order Amsterdam Airport Netherlands AMS Messenger Bag with the price of $39..99 and i will like to order 200pcs and i will like you to email me back with the total cost for the 200pcs excluding freight cost..Hope to hear from you soon
>
>
> --- On Mon, 2/23/09, Jason Solarek wrote:
> From: Jason Solarek
> Subject: Re: Special Order.......
> To: larry..wedge@yahoo.com
> Date: Monday, February 23, 2009, 6:41 PM
>
> Hi Larry,
> What items would you like?
> Can you please send me a website link to the item you'd like?

>
> Thank you!
> Jason
>
> On Feb 23, 2009, at 11:53 AM, larry Wedge wrote:
>
>> Thanks for you email,And i will let you to email me back with the price of each so that i will let you know quantities i need from you Thanks
>>
>> --- On Mon, 2/23/09, Jason Solarek wrote:
>> From: Jason Solarek <
>> Subject: Re: Special Order.......
>> To: "larry Wedge"
>> Date: Monday, February 23, 2009, 2:34 PM
>>
>> Dear Larry,
>> Thank you for writing me.
>> What location would you like written on the bag?
>> How many of the bags would you like?
>> Thank you!
>>
>> Jason Solarek

>>
>>
>> On Feb 23, 2009, at 5:52 AM, larry Wedge wrote:
>>
>> > GOOD DAY,
>> > MY NAME IS LARRY WEDGE AND I AM LOOKING TO ORDER TO SOME(Travelling Bag Model No.:CTO905) WHICH WILL BE PICKED UP FROM YOUR STORE.THESE (Travelling Bag Model No.:CTO905) ARE TO BE SHIPPED TO MY NEW COMPANY IN (SWEDEN) WITH THE SHIPPING I WILL RECOMMEND A SHIPPING COMPANY TO YOUR LOCATION FOR THIS PICK UP ,CAN YOU GIVE ME THE PRICE OF THE (Travelling Bag Model No.:CTO905) THAT YOU HAVE FOR SALE.
>> >
>> > DO YOU ACCEPT CREDIT CARD FOR THIS ORDER?
>> >
>> > HOPE TO READ FROM YOU SOON AS THE QUOTE IS READY.
>> >
>> > COMPANY NAME: Larry&Son..Co.Ltd
>> > COMPANY ADDRESS: Stortorget 2-4,SE- 831 30 Östersund (Sweden)
>> > COMPANY LOCATION: Sweden
>> > THANK YOU,
>> > LARRY WEDGE
>> >