Here’s a roundup of some of the more interesting scams we’ve seen taking place over the last couple of days:
1) I hate Tumblr spam as much as the next guy, but there are some missives doing the rounds that made me chuckle and / or look rather surprised. There’s only so many times you can promise some extra cash in a bland fashion before everybody ignores you, so spammers have moved to Plan B: entertainment (or at least inducing some groans).
Here’s an example of how they continue to tap into pop culture, memes and other assorted nonsense:
Or, to be more accurate, the best spam message ever.
Of course, it’s pretending to be the TumblrBot – it isn’t – and sends you to offers that you can do without. Throw onto the “Don’t bother” pile, but +10 points for raising a cheap laugh. Elsewhere, a tale of sticky fingers takes a nosedive into the heart of the Sun right at the end:
Click to Enlarge
Click to Enlarge
So, that happened.
2) Someone looks to be going after users of Sun Java System Communications Express with the following Phish aimed at tricking users into thinking a “spam filter upgrade” is being put in place that restricts access to “sensitive features” unless they hand over login details:
Click to Enlarge
Some more info on this one can be seen over at Phishtank. This is a bit of an unusual one – typically we see Google Docs phishes targeting social networks and generic email accounts. We’ve reported the page in question to the Google Docs team.
3) A Tumblr site is redirecting users to a fake e-card site whose sole purpose is to lead you to adverts. Landing on the below begins the redirection process:
uqnojoee(dot)tumblr(dot)com
From there, the user is immediately taken to
ecard18-lovers(dot)com
which claims that “LoveBug1136″ – how romantic – has sent you an ecard because they “have a huge crush on you”. Unfortunately, they haven’t and you’re going to continue the rest of the day writing awful poetry.
Click to Enlarge
Clicking any of the links on the page takes you to a dating site signup form:
Click to Enlarge
This one is pretty old, mostly notable for making the leap from Email spam to Tumblr redirects.
4) Let’s finish up with some SMS spam, which arrives on mobile devices with the following message:
“Your entry in last months drawing won you a free $1000 Target Giftcard! Enter “area code” at www.target.com.twty.biz to tell us where to ship it.”
Anyone visiting the URL will find a familiar “You’ve won a giftcard / sign up to a whole bunch of offers to get it” website staring back at them.
Click to Enlarge
It doesn’t matter if the user types in a code or not, simply hitting confirm takes them to their final destination:
Click to Enlarge
As always, treat random phone messages with suspicion – you never really know what’s waiting for you at the other end.
That just about does it for this assortment of spam, scam and phishing. I’m sure there’ll be more to come…
Christopher Boyd
Leave a reply