Stupidest Spam of the Week: Chinese Consultant

There are endless spam emails designed to get you to supply the scammer with your name, address, personal information and even financial information.

Recently a lot have appeared to be from China. This may be false of course, as most of these messages use personal email addresses (e.g. Gmail, Hotmail etc.) which anyone from anywhere in the world can get.

An example of the latest such messages – “This is an official request for Professional consultants from USA or UK only to stand as our official representative to run logistics on behalf of Shougang Group.”

It goes on to say you will be paid $5,000 per month and will keep 10% of all charges to your customers.

Clearly, any legitimate company wanting representatives in foreign countries would go through a careful recruitment process, not send out bulk emails to vast numbers of unknown people.  

The point of the message is to get you to supply them with a list of personal information specified at the bottom of the email, and it even claims you can do the work while employed full time in your current job.

We really hope no-one responds to this very obvious phishing email or any similar ones.

Do enter your email address and click on the subscribe button at the top right to keep up to date with new posts.

Fightback Ninja Signature

Facebook and Bad Adverts

Facebook seems to be a little worried about the abundance of fake and/or misleading adverts on its platform.

These adverts usually occur when a scammer takes over someone’s Facebook account and pays for a lot of adverts using the stolen account.

Those adverts can be anything, but are typically for:

  • Fake products
  • Real products but of very poor quality
  • A pop-up business that will disappear before customers have time to complain
  • Scam pages that pretend to be government or FBI or major retailers but simply steal the users’ confidential information
  • Clickbait pages

Facebook say the problem is ‘low quality’ adverts and they give three examples:

  1. Engagement Bait

These are your typical ‘like and share’ posts, re-purposed as adverts. Facebook does not like them as they can show false popularity.

  2. Withholding Information

Adverts designed to make people click by using clickbait are also disliked as they are fake content.

  3. Sensationalized Language

Adverts which use exaggerated headlines or lead to content not matching the headline are poor. The use of superlatives is fine where they are justified by the content.

Facebook says it will penalise anyone who infringes the rules.

Penalties

Facebook say that adverts considered to be low-quality will see reduced distribution in the advert auction, or will be disapproved.

Multiple adverts marked as low-quality may impact the performance of all adverts from that advertiser.

If you are running a Facebook campaign and use what Facebook consider to be low quality adverts, then your campaign will likely cost more and perform worse than if you create better, more honest adverts.

If you have any experiences with Facebook scams and problems do let me know, by email.


Spreadsheet Macros

Scammers send out huge volumes of emails containing malware attachments and they try to get the recipients to open those attachments. Some of these contain programming code which activates as the file is opened, so this can be dangerous.

You can avoid attachments that are actually programs, but spreadsheets are very useful for financial documents e.g. invoices and statements.

Microsoft Excel spreadsheets usually have the file extension .xls but ones that contain macros are usually .xlsm

Macros are Excel programming code and can contain malware, so you need to beware of these.

For example, an email claiming to be from Bank of America may carry a confirmation notice in the format of a spreadsheet with macros, i.e. .xlsm format.

Some email systems will automatically turn off automatic macro activation and some anti-malware services will do this, but it is best to be sure by not opening the attached file, however much you may want to know what’s in it.

One particularly nasty phishing campaign used spreadsheets with macros to install a remote access trojan on the computer’s system. This trojan is known as GraceWire or FlawedGrace.

That software then steals information from the system and sends it back to the scammer. The attachment also contained malware downloaders that install Dridex and Trick banking trojans.

Do not open attached files unless you are certain they are safe.
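For anyone who filters mail on behalf of others, the file extension is not the whole story: a macro workbook can be renamed, and older .xls files can hold macros too. The following is an added example, not part of the original post, that inspects an attachment's bytes without opening it in Excel; the function names, verdict labels and sample files are assumptions made for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .xls files
MACRO_EXTS = {"xlsm", "xltm", "xlam", "xlsb"}   # Excel extensions that may carry VBA

def inspect_attachment(filename: str, data: bytes) -> dict:
    """Classify a spreadsheet attachment from its bytes, without opening it in Excel."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    report = {"extension": ext, "container": "unknown", "has_vba": None, "verdict": "review"}
    if data.startswith(OLE2_MAGIC):
        # Legacy binary workbook: macros can be present whatever the extension says.
        report["container"] = "ole2"
        report["verdict"] = "quarantine"
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
        report["container"] = "ooxml" if "[content_types].xml" in names else "zip"
        # In the Office Open XML package the VBA project is the part xl/vbaProject.bin.
        report["has_vba"] = "xl/vbaproject.bin" in names
        if report["has_vba"] or ext in MACRO_EXTS:
            report["verdict"] = "quarantine"
        elif report["container"] == "ooxml":
            report["verdict"] = "no-vba-found"  # not proof that the file is safe
    return report

def build_sample(with_vba: bool) -> bytes:
    """Constructed sample: a minimal ZIP with OOXML part names (not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed file names and contents
        "confirmation.xlsm": build_sample(True),
        "statement.xlsx": build_sample(True),   # macro part behind an .xlsx name
        "invoice.xlsx": build_sample(False),
        "notice.xls": OLE2_MAGIC + b"\x00" * 504,
    }
    for name, data in samples.items():
        print(name, inspect_attachment(name, data))
```

A "no-vba-found" result only means the VBA part is absent from the package; it does not replace the advice to leave unexpected attachments unopened.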

If you have any experiences with these scams do let me know, by email.


Drive-by Downloads

Generally on web pages, you have to click a link or a button or do something to enable the page to download malware to your device.

But, if your software is sufficiently out of date or missing security updates, then it may be possible for a web page to initiate a download of malware without you taking any action and it may not warn you of the download.

This can be very dangerous.

Anti-malware services can generally spot such danger and block the download but the key is to always keep your software fully up to date.

Common drive-by exploits

Hackers looking to create drive-by malware generally look at the following:-

  • Old operating systems
  • Browsers such as Firefox, Chrome, Opera, and others, especially out of date versions
  • Out of date browser plug-ins
  • Early versions of Microsoft Office
  • Adobe/Shockwave Flash (ActiveX)
  • Adobe Reader
  • WinZip compression

The types of drive-by malware commonly found include:-

  • Trojan horses – these take remote control of the user’s device
  • Ransomware – allows the attacker to encrypt or threaten to destroy data on the device unless a ransom is paid
  • Botnet toolkits – attackers may install a botnet application on many devices, which can then be controlled as one to carry out actions such as sending spam email or participating in DDoS attacks
  • Man in the Middle tools – enable attackers to eavesdrop on the user’s communications
  • Keyloggers – capture keystrokes and feed them back to the hacker.

If you have any experiences with scammers, spammers or time-wasters do let me know, by email.


Request For Quote Scam

Sending a request for information is a standard way that hackers check whether the email addresses on a spam list they bought are valid.

If they get a mail reject message then they know the email address is fake.

If they get no reply then the address is real but the owner isn’t stupid enough to reply to a spam message. If the reply is helpful then they know the address is valid and the owner is a good case to be scammed.

More enterprising scammers try to get information from businesses by sending out messages claiming to want product catalogues, price lists, updates on latest products, guarantee information etc.

The latest set of such Request for Quote emails goes further.

They look professional at first glance, have company names, addresses and contact details, use colour and different fonts to create an impact and have good grammar, unlike so many scam messages.

Some even have confidentiality notices at the bottom.

“We would appreciate if you send us a quotation for the attached items and also indicate the manufacturer name and country of origin, delivery time and terms of payment”.

The messages are fake of course, as genuine businesses do not send in requests for quotation without first having made contact, provided all necessary details and verified that you are a genuine supplier of the relevant goods or services.

The messages are elaborate but the scam is simple and the messages should be deleted.

If you have any experiences with phishing scams do let me know, by email.
