A trip you didn’t plan?

Looks like the old scammers have new tricks.  This one drives you to click on a link (http://sitesubmiturl.com/4txGy2fG/index.html) that is really a hidden link to (http://207.210.101.44/showthread.php?t=73a07bcb51f4be71).  That is actually a domestic IP block owned by Global Net Access, LLC (GNAXNET).

The webserver it’s attached to seems to be spitting out 403s now.


Text:

You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying internationally). After the check-in, all you need to do is print your boarding pass and go to the gate.

Confirmation code: 810227 Check-in online: Online reservation details

Flight 4164 Departure city and time Washington, DC (DCA) 10:00PM Depart date: 4/5/2012

We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com. US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

707-955-3042 Another Credit Card Scam

The bad guys are limiting themselves here a bit.

“From x97329@nextel.com

7079553042: Dear H&R Block customer your EmeraldCard has been locked.  Call 7079553042 to unlock it.”

They are hoping that whoever gets this text message is an H&R Block customer and that they have an EmeraldCard.  So you call back the number and then you have to key in your entire credit card number, expiration date and your PIN.

The voices are all computer readouts, no actual voice recordings.  The IVR is pretty advanced.  It challenges the number you key with the actual structure of MasterCard.  So I threw in a test MC just to see what would happen.  Sure enough they tried to run charges through using the bogus data sent over.

If you’re reading this then you’re part of an audience that is SURELY clever enough not to fall for this sort of scam, but perhaps someone may “google” that number and be pre-warned of such a silly attempt.

Scammers using kids now…

In the mail bag today:

From: “Barbara Cole”<bcole@go.com>
Subject: Help me please
Date: December 31, 2011 3:06:54 PM CST
To: undisclosed-recipients:;
Reply-To: <bcole013@yahoo.co.jp>
I’m Barbara Cole, I’m 15 years old girl I live in Bolton UK before my Dad passed away in a car accident 3 years ago, I now live with my step mother in Warrington, My mother died immediately she gave birth to me. My late Dad Mr.Norman Cole was a big business man in UK before he died in a car accident 2007 I am the only child of my Dad, he died 3 days after the accident, He Will all his life savings to me, I have been trying to collect the funds from the bank but the bank MD CEO refused, he said I should present someone old enough so he can transfer the funds to the person that I can’t be in control of the huge amount of funds because I am still a teenage and it is against the UK law.
I would have told my step mother to assist me in collecting the funds from the bank but she is not a good woman, my Dad warned me about her before he died, now that I live with her I now understand that what my Dad said about her was true, because she don’t give me attention she don’t care if I am alright or not, all she do is to take hard drugs and bring different men to the house. I don’t want to have anything to do with her. If I get her involved in this she will use all the funds to take hard drugs.  All I wish for right now is someone old enough and honest to help me collect my funds from the bank as I am still a teenage and it is against the UK law.  Why I can’t wait until i am 18 years is because what my step mum is doing to me is not fair and i don’t want her to Influence me with her bad life style i just wan’t to live so i can live a better life.
I know we don’t know each other but please I need your help if you can assist me to collect the funds from the bank I will give you 50% out of the funds, Then you will help me invest my 50% until I am 18 and I will be staying with you or you will get somewhere for me to stay until I am 18 years old.
If you agree to help me, I will send you a copy of the Will and my picture so you will know me, and I will send you the contact of the Bank and tell you how much is the funds so you can contact them, and I will inform the bank that you will contact them that you are the person that want to help me.
I will be waiting for your urgent reply so I can send you the contact of the bank and my father’s Will and death certificate.
Please this letter has to be confidential,and I need your 100% trust and loyalty because the lawyer I got involved wanted to made away with the money, so I told the bank not to transfer the funds to him, I already promised to give you half of the funds so please be honest with me.
If you are interested please reply me on my email: bcole013@yahoo.co.jp
Best Regards
Barbara Cole

XM Radio, should I trust you?

I got a new car, well a used car but new to me, and in it came an XM receiver.  As little as I listen to the radio, I wasn’t really interested, but I do enjoy listening to NPR and the local NPR stations (KMBH/KHID) do horrible jobs with their local programming.  The chance of listening to a national feed of NPR would be very appealing.  So I went to XM’s site and found this FAQ:

How do I activate the SiriusXM radio in a new pre-owned vehicle?

So I clicked and was taken to:

https://listenercare.siriusxm.com/app/answers/detail/a_id/3677

that directed me to

https://care.siriusxm.com/oemaccountauthentication_view.action?fromLogin=true

I was prompted to enter my zip code and ESN #

Now this car was bought in a local lot so the chance of having the same zip code as the previous owner is fairly high.  I put in the info and was given this page next..

I was then given the previous owner’s name, account number and address.

Companies we choose to do business with should make more effort to ensure that the information we trust them with is protected.  Consumers also need to be aware of what they give out.  I try to always use my post box for an address instead of my home address.  I also give out my Google# instead of my home/cell numbers.  Also, assigning email addresses that can be tracked to find out who is giving them out helps greatly.

 

Mail Bag

Call me paranoid but I really don’t like giving out my email address to just anyone.  If you have my email address, you should consider yourself pretty darn lucky.  When I’m asked to sign up for something or an email address is required, I usually use an email address specifically created for one-time use or junk.  Before, this used to just be an email alias of my actual address, but recently I split the two so I can know exactly what is sent to the fake address.  Here is what’s in that inbox right now…


I went ahead and clicked on a few (with HTML disabled for added protection) just to see what was in some of these.


Poor George

There comes a time when you quit feeling sorry for the people that fall for these things.

From: “Trustees”<trustees@solicitors.com>
Subject: Will
Date: October 25, 2011 9:01:52 AM CDT
To: undisclosed-recipients:;
Reply-To: <lawofficeinuse@gala.net.>
On behalf of the Trustees and Executors of the estate of Late George Brumley, I wish to notify you that he  made you one of the beneficiaries of his estate.
Please reply with your contact details.Regards

David

FDIC wanna-be

So I get this email today,

Dear Business Owner,

We have important information about your financial institution.

Please click here to see further details.

This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership

I have to admit, the bad guys are getting better at grammar and presentation.  Once you click on this link it takes you to a site with a “please wait while page is loading” message.  At the same time, your browser begins to download a file, information1234234.pdf.exe

I’m sure all of you are smart enough to not open a file that’s automatically downloaded to your computer, and I’m sure you’re smart enough to see that it’s really an exe and not a pdf, and I’m sure you’re smart enough not to be using an OS or browser that can launch exes.

Domain Name………. fdicuser-advice.com
Creation Date…….. 2011-09-15
Registration Date…. 2011-09-15
Expiry Date………. 2012-09-15
Organisation Name…. WILLIAM ONASCH
Organisation Address. 6849 HAYVENHURST AVENUE
Organisation Address.
Organisation Address. VAN NUYS
Organisation Address. 91406
Organisation Address. CA
Organisation Address. UNITED STATES

Admin Name……….. WILLIAM ONASCH
Admin Address…….. 6849 HAYVENHURST AVENUE
Admin Address……..
Admin Address…….. VAN NUYS
Admin Address…….. 91406
Admin Address…….. CA
Admin Address…….. UNITED STATES
Admin Email………. 
Admin Phone………. +1.8187865480
Admin Fax…………

Tech Name………… YahooDomains TechContact
Tech Address……… 701 First Ave.
Tech Address………
Tech Address……… Sunnyvale
Tech Address……… 94089
Tech Address……… CA
Tech Address……… UNITED STATES
Tech Email……….. 
Tech Phone……….. +1.4089162124
Tech Fax………….
Name Server………. yns2.yahoo.com
Name Server………. yns1.yahoo.com

It’s like they are not even trying sometimes…

So I get this letter in the email today…

Greetings,

My name is Marc Ronson, and I represent Adin Antique Jewellery. I would like to present a job offer as one of our finance processors. The part-time job incomes are 10% from the payment you receive depending on your activity in processing the tasks.

For example, for a payment in amount of 1000 USD you receive, your income will be 100 USD. Your incomes will be deduced from the amount of the payment received and the number of payments you can process on a weekly/daily basis.

Note that the payments will be sent to you by our customers and they can vary depending on the products they order from our company.

This job requires little of your free time, so if you are already employed it’s not an inconvenient.

Your tasks can be resumed as this:

1. Receive the payments via bank transfers;
2. Keep 10% from the payment you receive as your income;
3. Send the rest of the payment to one of our agencies in Europe.

If you are interested click the following link and complete the application form.

Click here to access the enrollment form

You will be contacted by one of our human resource managers within 24 hours.

Hope to collaborate with you soon,
Marc Ronson,
IT Executive Manager,
Adin Fine Antique Jewellery.

 

The link takes you to a well-designed site, but no matter how much time this IT Executive Manager put into the development, the scheme is the same: deposit funds that will not clear, have you send them your own legitimate money, and then when the bank tells you that the original deposit didn’t go through, you’re out the money you sent them originally.

The site doesn’t even register to Marc, it registers to someone in China.  At least it wasn’t Nigeria.

qian jun
jun qian 
+86.2122584512 fax: +86.2122584512
Zha Bei District,Da Dong road
Shang hai Shanghai 200085
cn

The old bait and switch

So I get this email today,

fake twitter

The formatting looks good, the from looks odd but nothing too suspicious. I’ve never gotten a notification from Twitter like this before, but it is going to the church address and I do maintain the church Twitter account.  I mouse over the link and find that it’s really going to http://desguacesvilabella.com/andean.html

At first I thought perhaps they wanted me to give them my account information, but in the end it just ended up being an ad for Viagra.

The moral of the story: don’t just click on any link that “looks” official.  Go to the site directly and log in from there.
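The mouse-over check from this post and the raw-IP link from the first post can be automated over an HTML mail body. The script below is an added example, not code from the original posts: the URLs are the ones quoted above, while the anchor markup, the visible link text and the names `audit_links`, `LinkCollector` and `strip_www` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the URLs are the ones quoted on this page; the anchor
# markup and the visible link text are assumptions made for the example.
SAMPLE_HTML = """
<a href="http://207.210.101.44/showthread.php?t=73a07bcb51f4be71">Online reservation details</a>
<a href="http://desguacesvilabella.com/andean.html">https://twitter.com/settings</a>
<a href="https://www.usairways.com/">usairways.com</a>
"""
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
RAW_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")  # dotted-quad host, no DNS name

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only keep text that sits inside an <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def strip_www(host):
    return re.sub(r"^www\.", "", host.lower())

def audit_links(html):
    """Return (href host, reason) for links whose target is not what is shown."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = strip_www(urlsplit(href).hostname or "")
        if RAW_IPV4.fullmatch(host):
            findings.append((host, "raw-ip"))
        shown = HOST_IN_TEXT.search(text)
        name = strip_www(shown.group(1)) if shown else host
        if host != name and not host.endswith("." + name):
            findings.append((host, "text-host-mismatch"))
    return findings
if __name__ == "__main__":
    for host, reason in audit_links(SAMPLE_HTML):
        print(f"{reason}: {host}")
```

A link whose text names no host at all is only checked for a raw IPv4 target, and a subdomain of the displayed host is accepted as a match.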