![Welcome to Orange Frog Productions Scams, Shams & Flim-Flams Section [Banner]](images/ssff/ofp_banner_ssff.jpg)
- You are here: Home
- » Scams/Shams/Flim-Flams
- » Scams
- » Spoof/General Scams
- »
Page Title:
Please be sure to read my Spoof/General Scams Home Page
NOTE: This page Under Construction/Conversion
This page has not been completely converted to OFPv2 Standards.
When this is completed, this paragraph will go away.
Meanwhile, all external links on this page open a new window.
Things I Did, Below
I, personally, receive email in HTML format. The following was received (and looked) like I received it.
- I removed my email addresses. These came to various accounts and some no longer exist. There are places on this site you can get hold of me if you wish or need to. They are protected from spambots using JavaScript, but all you have to do is click on them.
- All scammer and related email addresses, and any actual website links have been changed, at least putting spaces into them. They appear as underlined blue links, though they aren't.
- Any notes I added in the actual letter are in square brackets ("[" "]"), are bold, red in color, and highlighted. If what I found "behind the links" (email or website) are different than what was displayed, I will include them in this type of note.
- All spelling, spacing, line-wrapping, and punctuation errors are the ones that appeared in the original received email. (I may or may not analyze some or all of these.)
Scam Example
Received 05/29/2006
----- Original Message -----
From: OPRAH.COM News
[link behind "From:" removed - info
and reason below]
To: [my email address to the left of the "@"]
Sent: Monday, May 29, 2006 6:11 PM
Subject: The All-Time Greats of Oscar(R) Night
Dear [my email address to the left of the "@"]
MONDAY'S SHOW: The All-Time Greats of Oscar(R) Night
Oscar stars Diane Keaton and Emma Thompson tell all!
Men, fashion, plastic
surgery and...the big night!
Learn more and talk about this show.
[link removed - info and reason below]
----------------------------------------
MORE FROM OPRAH.COM
Hanging out with the stars of 'Grey's Anatomy'
[link removed - info and reason below]
See the Holocaust through the eyes of a survivor.
[link removed - info and reason below]
The 50 young people Oprah wants you to meet
[link removed - info and reason below]
----------------------------------------
OPRAH.COM E-MAIL SUBSCRIPTIONS
* Click the link below to unsubscribe from Oprah Alerts
or copy and paste the
link into your browser:
[link removed - info and reason below]
* Click the link below to unsubscribe from all Oprah.com
e-mail messages or copy
and paste the link into your browser:
[link removed - info and reason below]
* Oprah.com Subscription Management, 110 North
Carpenter, Chicago, IL 60607
Please note that this address is ONLY for unsubscribe
requests.
TM & (C) 2006 Harpo Productions. All Rights Reserved.
Email Headers
X-Message-Status: n:0
X-SID-PRA: OPRAH.COM News <email
removed - info and reason below>
X-SID-Result: TempError
X-Message-Info:
LsUYwwHHNt3ACVxretNxh1s85mVyEbDO86x7DjtrgQA=
Received: from
link removed - info and reason below
([999.999.999.999 - ISP Masked]) by bay0-mc2-f17.bay0.hotmail.com with
Microsoft SMTPSVC(6.0.3790.1830);
Mon, 29 May 2006 16:11:55 -0700
Received: (qmail 15597 invoked by uid 5553); 29 May 2006
23:11:55 -0000
Message-ID: <20060529231155.15596.email
removed - info and reason below>
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII";
format="flowed"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.0104 (F2.72; T1.15; A1.47; B3.01;
Q3.01)
Date: Mon, 29 May 2006 23:11:55 +0000
From: "OPRAH.COM News" <link
removed - info and reason below>
To: "[my email address to the '@']" <[my
email address removed]>
Subject: The All-Time Greats of Oscar(R) Night
Return-Path: email removed - info and
reason below
X-OriginalArrivalTime: 29 May 2006 23:11:56.0094 (UTC)
FILETIME=[4784DDE0:01C68375]
See my notes, below for why I removed any links/email addresses in the above email headers.
Notes
This MAY have started life as an actual Oprah.com daily update. I don't know... I don't receive them.
As you can see, this email APPEARED to come from Oprah.com, and all links SAY they will go to information about certain shows, right?. They didn't.
While the links were to the same domain (NOT Oprah.com), there was nothing to indicate where it actually would be going. In fact, it looked like some type of financial site where Oprah MIGHT POSSIBLY have moved or copied old stuff. HOWEVER, I was VERY suspicious for a number of reasons:
- The email came to an address I haven't used for years, and have simply been monitoring. NOTHING has come to this address except periodic emails from the web-based email site for some time.
- While I have been to Oprah's site, looking for information for my wife, I have never signed up for any information, and, if I had, it wouldn't have been with THIS email address!
- While the links APPEAR to come from "logical" folders, they are a parameter (anything following the "?" must be read by the page and dealt with accordingly) to the main page, meaning they may DO something other than show a page. (It COULD be that's all they will do, but why take the chance?)
- All the links shown end in "jhtml", except the last two (see below). These are either JavaScript or Java pages, which mean they will run something when opened. NOTE: JavaScript is not supposed to be able to do much more than display information, and there ARE many "standard" page types (.htm, .html, .shtml, .jhtml, .doc, .txt, .pdf, et al). However, it's better to be safe, if/when you are unsure.
Each section's links ended with the following (in order):
- MONDAY'S SHOW
- /?tows/ coming/ tows_coming. jhtml
- MORE FROM OPRAH.COM
- /?tows/ pastshows/ 200605/ tows_past_20060526. jhtml
- /?tows/ pastshows/ 200605/ tows_past_20060524. jhtml
- /?tows/ pastshows/ 200605/ tows_past_20060525. jhtml
- OPRAH.COM E-MAIL SUBSCRIPTIONS
- /?ui=cb4fba86acd8&t=a
- /?ai=cb4fba86acd8
So, they COULD actually BE to a "show-biz" site, right? No.
I took that first part of the link and entered it in my browser. Guess what? IT WAS A PORN SITE. Nothing but the headers appeared, and I tried to close the site out. It didn't work. It tried to download a trojan horse (my virus scanner caught and quarantined it) and I had to use Windows' Task Manager to close the browser.
[Now you know why I did not show the actual domain or email addresses in this example. While this site is hopefully written for the education of anyone on the 'net, it is not necessarily written for kids, and I don't want to be accused of providing anyone who is underage with access to this type of "entertainment". -bs]
No. Not all "spoof" emails are to porn sites, or malicious, but why take the chance?
Personally, I do it for this site, so I can point out the "problems" with the emails, and to make sure others are warned. I have faith in my own knowledge and capabilities, and my anti-virus program. Still, that one almost caught me.
TAKE THIS AS A WARNING
BE CAREFUL with spam emails that make it though your firewalls and filters. If it LOOKS like a spoof, it probably is. While all are fraud, some are simply questionable, because of where the links take you. The Oprah one, above, should be a MAJOR warning to everyone.
Are you listening?
Return to OFPv2/SSFF - Scams - Spoof/General Scam Home page
Send email to Bill Sanders
()
with questions or comments about this page or site.
This site, all text and graphics (unless otherwise noted) on it
were designed, developed and published by Bill Sanders of Orange Frog Productions.
It and it's CSS was validated and complies with both the:
CSS and
HTML 4.01
validators from W3C.
NOTE: All CSS validates except the "New Window Buttons"
- Their CSS includes some invalid code (ie: hacks)
and warnings for using transparent backgrounds when color foregrounds defined.
Copyright © 2003, 2004, 2005, 2006 by Bill Sanders / Full site last modified: July 10, 2006
