Spam is Bad

Some of the more interesting spam scams of recent months trick PayPal customers into divulging personal or financial information by asking them to log into Web site that looks very much like PayPal’s own.

They’ve been around for a while but appear to be growing more sophisticated and more convincing of late, Vancouver’s Derek K. Miller writes in TidBITS. But you can still spot them easily, he says, if you know what you’re looking for. Among the handy giveaways:

Every one I have seen has errors in design or language that are unlikely in correspondence from a legitimate company. The writers might misspell words or use them sloppily (such as writing “e-mail” in one place and “email” in another), use slightly inconsistent font sizes, or have spaces missing between words. Often the phrasing that isn’t stolen directly from PayPal’s own pages is off-kilter and strange, obviously not written by professionals. Another giveaway is URLs that point at IP numbers or other domains rather than the paypal.com domain.

We received a couple of these messages at the office a few weeks back. Frankly, we were impressed by how convincing the scam site looked at first. But two things gave it away: 1) the scam site used an IP address instead of a recognizable domain name; 2) the recipients didn’t have PayPal accounts.

SILICON.COM — July 7, 2003 –Fake domain name renewal spam warning — Firms told to be wary of unsolicited requests for .biz and .info registration fees

Businesses are being warned about a spate of rogue firms spamming domain name holders with fake renewal notices asking for money.

The spammers are targeting owners of .biz and .info names with emails warning that their domain name is about to expire and asking for a fee to renew it.

Cambridgeshire Trading Standards and Cambridgeshire Police are now investigating a company calling itself Dot Biz Domain Renewal that was spamming thousands of .biz registrants asking for renewal fees.

Ken Sorrie, director of domain name reseller Internetters, is calling for a crackdown on the spammers and said they are taking advantage of the first .biz and .info renewal dates in October and November to try and cash in on people’s uncertainty about the process.

He said: “This kind of foul play is bringing the industry into disrepute. Because some companies are unable to get business through respected methods, they resort to spamming. There is now enormous pressure for ICANN to introduce a code of practice and enforce registrar contracts.”

Internetters is also warning that some domain name registrars are withholding or making it difficult for people to get hold of authorisation codes needed to move the registration of their web address to another company.

He said: “What also concerns us is that some registrants are not aware that if they want to move away from their registration company they need to obtain their authorisation code from that company to pass onto to the new registration company. Many unscrupulous resellers are either not giving the authorisation codes to their customers, or are imposing ‘release fees’ to move away.”

MINNEAPOLIS–(BUSINESS WIRE)–June 18, 2003–Best Buy Co., Inc. (NYSE:BBY) reported today that as of late afternoon, it became aware of an unauthorized and deceptive spam e-mail to consumers titled “Fraud Alert.” This email, which requests personal information (i.e. social security number and credit card information), claims to come from the BestBuy.com Fraud Department. This message is NOT from Best Buy. Best Buy is working with appropriate authorities to quickly contain and resolve the situation.
The privacy of personal consumer information is of the utmost importance to Best Buy. The company is alerting consumers to contact their banks or credit card companies immediately if they have replied to the fraudulent e-mail in any way.
The company stated it is actively monitoring the situation and doing everything in its power to alert consumers of this fraudulent act.
Best Buy added that to its knowledge, no systems have been compromised, and its online business is secure. If BestBuy.com customers want to check status of their online orders, they may contact Best Buy Customer Care at 1-888-BESTBUY.