If you are doing your shopping online, be vary wary. This time of year is notorious for taking advantage of naive online shoppers as ’scammers’ will throw up junk sites hoping to capture your credit card info or take your money and give you nothing but headaches. If you are going to buy expensive items online, make sure you are purchasing them from a reputable retailers (or eBay sellers).

Here are a few warning signs which might let you know an online site is not on the ‘up and up’:

• Price is significantly lower than anywhere else.
• You cannot find any information about the retailer online (you can try doing a Whois search to see how long the domain has been in existence).
• Thrown together looking site. This is not necessarily a warning sign, but someone looking to take advantage of naive buyers probably will not put together an impressive site.
• No contact phone number or the phone number goes to someone’s answering machine.

Again, these are just a few things to be wary of. Personally, I stick to sites like Amazon and the like as it is worth it to pay a little bit extra to _know_ you are going to get the item… and can return it if needed.

I have noticed a few suspicious emails recently and people have forwarded me copies of an email appearing to come from Network Solutions Tech Support. This email is fake (here is the notice from Network Solutions).

The only reason I am posting this as a tip is because several people have forwarded me this email telling me to make sure our domain information gets updated, so if they are believing it others probably are too.

One thing you will notice when you click on the link in the email is it takes you to a fake domain which ends with “.sys58.biz”. This is all you need to know to see it is a fake. The scammers simply mirrored the network solutions home page (ironically, it has the phishing scam warning on their page) and are redirecting your login information to their database, so they can log in as you and steal your domains by transferring it to them.

If you get this email, delete it.

For your reference, here is a copy of what the email looks like. I have seen several slight variations but they all link to the same page:

Subject: Inaccurate Whois Information / Your Domain Is In Transfer / Your Domain Is About To Expire

Dear Network Solutions® Customer,

On Fri, 31 Oct 2008 11:36:29 +0200 we received a third party complaint of invalid domain contact information in the Whois database for this domain Whenever we receive a complaint, we are required by ICANN regulations to initiate an investigation as to whether the contact data displaying in the Whois database is valid data or not. If we find that there is invalid or missing data, we contact both the registrant and the account holder and inform them to update the information.

Please note: ICANN (the Internet Corporation for Assigned Names and Numbers) regulations state that the WHOIS Administrative Contact may initiate and approve domain name registration transfers from your Network Solutions account to other Registrars. If you are not listed as the WHOIS Administrative Contact a transfer can occur without your knowledge if Domain Protect is not enabled for the domain name registrations listed above.

To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager:

1. Log in to Account Manager at: http://www.networksolutions.com.  <- This links to a fake domain ending in “sys58.biz”
2. Click on the “Profile & Accounts” tab in the left navigation menu to be taken to a page listing your account details.
3. Click on “Accounts” and select the account you wish to edit.
4. Click “View/Edit WHOIS Contacts” to make your updates.

If you believe someone requested this change without your consent, please contact Customer Service.

If you would like to order additional services or to update your account, please visit us online.

Thank you for choosing Network Solutions. We are committed to providing you with the solutions, services, and support to help you succeed online.

Sincerely,
Network Solutions® Customer Support

In an age where people love to try to scam you over the Internet, it amazes me how many people actually believe someone will pay you or some picture will appear on your screen by simply forwarding an email.

I received the email below a few days ago and before it ‘graced’ my inbox, I could see that it had been to well over 200 other email addresses who recipients subsequently forwarded it. I remember getting emails like this 15 years ago when I first got email, so apparently they are still going strong.

These emails are a complete waste of time, bandwidth and storage. In fact if I were a spammer, I would have just been hand delivered over 200 confirmed working email addresses.

If you get an email like this, please do everyone a favor and delete it immediately.

Here is the email text (seriously, who actually believes this?):

Read  carefully…
THIS  TOOK TWO PAGES OF THE TUESDAY USATODAY – IT IS FOR REAL
To all of my friends, I do not usually forward  messages,
But this is from my friend [...] and she  really is
an attorney.
If she says that this will  work – It will work. After all, what have
you got to lose?
SORRY EVERYBODY.. JUST HAD TO TAKE THE CHANCE!!! I’m an
attorney, And I know the law. This thing is for real. Rest  assured
AOL and  Intel will follow through with their  promises for
fear of facing a multimillion-dollar class action  suit similar to the one
filed by PepsiCo against General  Electric not too long ago.
Dear Friends: Please do not  take this for a junk letter.
Bill Gates sharing his fortune.  If you ignore this, You will repent
later.
Microsoft and AOL are now the largest Internet  companies
and in an effort to make sure that Internet Explorer  remains the
most widely used program, Microsoft and AOL are  running an e-mail
beta test
When you forward  this e-mail to friends, Microsoft can and will
track it (If  you are a Microsoft Windows user) for a two week
time period.
For every person that you forward this e-mail to,  Microsoft will pay
you $245.00 For every person that you sent  it to that forwards it on,
Microsoft will pay you $243.00 and  for every third person that receives
it, You will be paid  $241.00. Within two weeks, Microsoft will contact
you for your  address and then send you a check.

Regards.

[...]
Thought this  was a scam myself, But two weeks after receiving this
e-mail  and forwarding it on. Microsoft contacted me for my address and
within days, I received a check for $24, 800.00. You need to  respond
before the beta testing is over. If anyone can afford  this, Bill gates is the
man.
It’s all  marketing expense to him. Please forward this to as many
people as possible. You are bound to get at least $10, 000.00
We’re not going to help them out with their e-mail beta test  without
getting a little something for our time. My brother’s &nb sp;girlfriend got in
on this a few months ago. When I went to  visit him [...], she showed me her check.   It was for the sum of $4,324.44 and
was  stamped ‘Paid In Full’.

We all get spam in our email. Probably lot of it. We get the guys trying to get our help transferring millions of dollars out of his country. We get the Viagra ads. We get the mortgage deals. And, yes, we get Britney Spears nude pics. Of course, they are fake. They are designed to lure you into clicking the link.

Ever wondered what happens when you click the link? Well the guys at Sophos think about it. They created a video to show you what happens when you click the link. And they use Google Earth to show how the Internet makes these scams so hard to track.

And now you know. Get Britney in your email? Steer clear of it.

If you do any form of communication over the Internet, online frauds and scams are something you always have to be wary of. I have been fortunate enough to avoid such scams as I keep my email reasonably locked down, have a relatively good “BS detector” and am overall a tad bit on the cynical side (only slightly though!… maybe…). That said, I have never been an actual singled out target for a scammer until recently.

I thought it would be fun to do a writeup dissecting exactly how the scam worked (in a both a real world/average user approach as well as in a technical sense) and also point out how, with a careful eye alone, you can spot a fake (or spoofed) email. Sit back and enjoy.

The Scam – A Real World Perspective

A couple of months ago I decided to post a couple of old laptops (one of which was advertised for parts only) I had laying around the house on eBay. I go through the usual motions, of taking a picture, setting a price, etc. One of the stipulations I clearly put in my terms of sale was I would only ship to the United States. So the week of the auction goes by and my “for parts” laptop sells, but of course to someone in Nigeria.

The “buyer” (interpreted loosely in this case) in Nigeria sends me an eBay request for an invoice, to which I reply with an eBay message telling them:

I’m sorry, but as stated in my auction, I only ship to the United States.

Of course, the buyer sends me a few more messages as they must have been checking their email at the same time as me, one of which says (none of the emails are edited):

Have already transfer the moeny..so i have paid the sum of $100.00 for the shipment fof the item through USPS Global express mail…so i want you to get the item posted as sson as possible..

Now, from the email image above, my item sold for $56 with a $10 shipping fee, so the buyer was going to “pay” me $100 to ship a for parts only laptop to them overseas. I was scratching my head at this point and then I receive an email from eBay:

No sooner did I finish reading this, I received “another” email from “eBay” contradicting what the previous message said. I only had to read first paragraph to tell this second email was a fake. I took a look at the email headers which clearly proved this was a fraudulent email. I have highlighted everything in the email below which is evidence support the email is garbage.

Reading the text is actually quite humorous as the text is so poorly written. Combine that with the fact of the reply to addressing being an @instruction.com email.

It doesn’t stop there, about 45 minutes later I get a “payment confirmation” from “Paypal”. Not only had payment been made, but this this generous individual “payed” a total of $300 for a $66 item. They must have really wanted the parts. Of course, the Paypal email was a fake in the same fashion as the eBay spoofs.

I will say this for fake emails sent, at a quick glance they do appear legit. A respectable job was done in replicating the fine print at the bottom (not showing in the “Paypal” email). All the images (when shown) resemble their authentic counterparts and (most of the) links in the emails took you to the correct locations.

After I received the first fake eBay email telling me the item was reinstated “and you can go ahead with the transaction”, I did not send a another email to the scammer. Here are all the emails they sent me after this, each getting a bit more threatening:

2 days later:

Payment made for your ebay item.

i have transfered the payment for your item and the money for your item as been deducted from my paypal account.and i have not head anything from you since then.so i want you to get the item shipped to my store’s address and send the shipment tracking number to paypal at their customer care link given to you in order for the money i transfered to be credited to your account.
get back to me as soon as possible so that we can dialog and complete this transaction.

1 day later (this one from “Paypal”):

PayPal Shipment Reminder for Transaction ID: 92S849286985130M

PayPal Postage Verification Center is using this message to remind you of the transaction between you and [fake name] about an eBay item paid for by the Buyer who also is our Client .We are yet to receive the shipment details of the transaction,the buyer has paid and your money is still in our Account Database ready to be credited into your account once we verify the shipment of the item.
The buyers shipping address has been confirmed by us:

[... address information ...]

This PayPal payment has been Confirmed and Approved by us,but due to that its International Transaction all we need from you is the shipment proof for the verification of your money.Once this as been received and verify by us,You will receive a CONFIRMATION E-MAIL from us informing you that the money transfered to your account as been credited.

1 day later:

Why can’t you just reply !!!!!!!!!!!

I have transfred the payment for your ebay item and the money for the item as been deducted from my account.and i receive a mail from paypal informing me that to protect bot parties that you need to send to the the shipment deatils for the item so that thye can creditmthe money to your acount so i want you to get the item shipped and get back to paypal at thier customer care link given to you….
N:B :
I want you to get back to me or else i will report….!!!!

3 days later:

Confirmation of payment…get item shipped!!!!!!!!!!

i have Already contacted pay pal on your behalf about your fund and the explain that they are taking new procedure for international transaction in order to secure but buyer and seller against fraud and they just introduce the new system for international transaction only and your have been deducted from my account already and i await you to complete the transaction.I hope you would have been contacted by pay pal now for confirmation of payment.
thank you and pls reply if you have any question

3 hours later (this one from “Paypal”):

*** Message From PayPal Postage Verification Department ***

Dear Customer,
PayPal is using this time to remind you about the transaction between you and [fake name]. The money transfered to your paypal account by [fake name] for your ebay item as been deducted from her account and its here in our Data Base side for security purpose. so we want you to get the item shipped to the buyers address and get back to us for verification of your money to your account once we have the shipment details for the items from you, your money will get credited to your paypal account immediately. Now get this done as soon as possible and get back to us with the shipment details so that your money been PENDING days ago can be release and credited to your paypal acount.

Thanks for contacting us.
We hope to serve you better till Future.

After the last reminder from “Paypal” I didn’t hear anything else. The timing was such that they waited a week with no response from me before giving up and moving on. This having been the first scam I was singled out on and looking at it from an average user’s perspective, I can understand how someone would fall for this scam. In general the emails are convincing enough (although, the scammers spending 30 seconds to spell check and proof read their emails would make it more convincing) to lure in someone who is relatively new to eBay or somewhat naive/trusting. It is a real shame these are the ones which get taken advantage of.

The Anatomy – Breaking Down The Scam Technically

In this section, I am going to do a quick breakdown of some of the technical elements which definitely prove the emails are fake. You do not have to be a “geek” to follow as I will explain in plain English.

Since the scammer sent me several fraudulent emails, they must have gotten my email somewhere. My eBay user name is not my email address and I have nothing in my eBay profile to indicate my email. So the first place I started looking was in the emails eBay sent to me and, indeed, they got it on the invoice request email.

As you can see, the email was sent to me but additionally to the scammer via the carbon copy (the scammer’s email is blurred out). I can only guess when the scammer was sending the email through the eBay system, they selected the option to have a copy of the email sent to them. If this is the case, I cannot believe eBay would be so careless as to let this happen as they are adamant about warning you to only send and respond to messages using the eBay system. Supplying such a simple vehicle for unscrupulous people to subvert this safety measure is a big time failure on eBay’s part. Again, I stress the emphasized “if this is the case” above.

So once they had my email address, the barrage of spoofed emails ensued. From here, producing their cleverly replicated eBay and Paypal emails was, probably, just a matter of copying and pasting a template email where the scammers reproduced a legit email, modified the text and “filled in the blanks” with my information. In the case of this scam, the email format was replicated reasonably well, but the wording of their text was so poor you could recognize the email as a fake right away.

Suppose the scammers did take a few minutes to actually read their email before sending it and the result was an email which is the spitting image of a legit message with flawlessly worded text. How do you recognize it then? You have to use the full email headers to find out where the message originated. To demonstrate the dissection of the headers, take a look at the image below where I have headers from a legit email sent from eBay on top of the headers from a fake email.

When you take a look at the information indicating where the email was sent from (look at the “Received:” values above), you can immediately see the domain name for valid emails end with “ebay.com” where the fake ones end with “yahoo.com”. Why would eBay send messages from Yahoo’s servers? They wouldn’t. The scammer was clearly using Yahoo Mail to send their fake emails.

By doing simple things like changing the ‘friendly name’ on their Yahoo Mail preferences to something like “service@ebay.com” or “notification@paypal.com” in place of where you would usually put your actual name and changing the ’send replies to’ setting to an equally crafty email address can make an email appear to be legit when only quickly glanced at.

Taking Action: Protecting Yourself And Reporting Scams

The most effective weapon you have for protecting yourself against scammers is common sense. Scammers make a living by playing to people’s naivety, trust, greed, ego or all of these. In my case, why would someone voluntarily pay me $300 for an item which went for $66 total? This is way to good to be true as nobody is that generous. Combine this with the incessant fraudulent emails calling for immediate action “or else”, the scammer was counting on me being naive, trusting or greedy. Another interesting observation is they used a female name, for all of their correspondence. Perhaps there is more perceived trust when you are dealing with a woman? I have no evidence to support this, just a thought I am throwing out.

As an extra measure, and to help others thwart these types of scams in the future, pretty much all major online sites have methods to report suspected fake emails. In the case of eBay and Paypal, this involved just forwarding the unmodified email to “spoof@ebay.com” or “spoof@paypal.com”. I did this for each of the fake messages and got a response back in no later than 30 minutes. Any time you suspect a email to be fraudulent but are not totally sure, be sure to do this before responding to the suspect email.

If you have already fallen victim to a scam or want to report the attempt, you can report them to the Internet Crime Complaint Center. Here you fill out a somewhat detailed form regarding the scam (i.e. how did they solicit you?, how did they want you to send money to them?, where did they want you to send money?, etc.). I filled out one to report this scam attempt. Every little bit helps.

Stay smart.