Internet Scam 2

Posted: November 8, 2009 | | Categories: Miscellaneous

I don't know why I like writing about these Internet email scams, but I just do. I think it's because I know people are responding to them (otherwise they would go away) and that just fascinates me.  Here's one I got this morning – it's so stupid that I'm stunned that anyone would even try this approach, but you know what P.T. Barnum said, right?

Here's the email I got:

Figure 1

The good thing is that my ISP recognized the email as Spam (no, Spam is not an acronym, it's a breakfast meat product – why do people type it in all caps?) and modified the subject of the message on its way to me. Anyone receiving this should benefit from those types of services that ISP's provide.

I forgot to look at the message headers before I deleted the message. If I'd been smart and thought to do that, I'd be able to show you the actual email address behind the email message. It's always a good idea to look at the message headers of any suspect email – it tells you a bit about where the message really came from and what route it took to get to you. Any message from Facebook that started in some Eastern European country is suspect no matter what. Not because Eastern Europe is a dangerous place to get emails from, it's just that Facebook is a US company and it's likely that any message they send me will likely come from a US Server. Right?

Now let's look at the email address it was sent to: info@mcnellysoftworks.com. Well, I happen to know that I don't have a Facebook account registered using that email address. That's my next clue that it's junk email.

The subject of the email makes sense, nothing too scary there (except for that SPAM notification my email server added to the message).

The body though, just isn't right. I have to think that if Facebook is sending me email messages, they'll take the time to:

1. Make sure it looks professional. I'm pretty sure the Facebook logo will be in anything they send to me.
2. Address it to me. They know my first and last name, any message from my bank, amazon.com, facebook.com, linkedin.com and others better be addressed to me by name otherwise I'm ignoring it. Why would they say 'Dear Facebook user' when they could just have easily have said 'Dear John'?
3. Make sure it's in English. I don't know about you, but 'Accounts that do not submit the updated account agreement by the deadline will have restricted.' Isn't a complete sentence and was probably written by someone who doesn't use English as a first language.

Now, here's where it gets interesting. So Facebook is a very popular, Internet-based Social Networking site, right? Everything (and I do mean everything) they do is done online, right? So, why would they send me a zipped attachment containing an account agreement? Nope, they'd never do that. Take that a step further and ask yourself, not only would they not send me an attachment, they also wouldn't ask me to launch an executable to access the agreement. If, by the wildest stretch of the imagination, Facebook did send me an account agreement as an attachment, wouldn't you think the the attachment would be a text file, a Adobe Acrobat file (.pdf) or even a Microsoft Word document (.rtf, .doc or .docx)? It's an absolutely ridiculous premise that people would think it's OK to unzip and attachment and execute an executable (I know, redundant) to access an account agreement for the world's biggest Internet site?  Seriously?

Anyway, I think it's funny that these spammers and scammers are still trying this approach. But, as I said at the beginning, they only reason this would still be happening is if either the scammers are really, really stupid or people are actually following the instructions and launching the attached executable. It has to be the latter and that just scares me.

Next Post: How NOT to build a BlackBerry Java Application

Previous Post: Moving a Joomla Site

Header image: Photo by Marcos Paulo Prado on Unsplash