Nonsense Random Word Email Spam - What I call Flak Mail

E-mail flak, at least that's what they used to call it, is a bunch of random words and quotes. What's most strange is that it appears to have no purpose to the recipient. However, this isn't the case.

The senders behind these e-mails, most often a botnet,  can have many agendas, from checking if they've found an active e-mail address (looking for auto-responders and people just curious enough to respond), poisoning  your spam filter, or trying to obfuscate a hack into the recipient's bank accounts. If these e-mails happen to be showing up in your inbox in large numbers, delete them and check your bank accounts and credit cards. It's possible there may be an identity theft in the works.

Some good search phrases to find more info are; random word spam , nonsense email , Bayesian poisoning , nonsense spam , random spam

Or just follow these links -

More info here.

And here.

Flak spam email content;

Subject line;
General Challe also gave himself up to the authorities on 26 April, and was immediately transferred to the metropole.

Message Body;
Under Hickinbotham's captaincy, Geelong did not lose a single game in the 1886 VFA season on their way to the premiership.

A connection to the middle school allows the sharing of some courses between schools.

However, some sources consider Madrid as his native city. France blamed the failure on personnel shortages.

Explosive weaponry caused a higher ratio of injuries to deaths than small arms. [pete.d@spardi.com]

DISH Network Scam

This is direct from DISH Network:


In the past, DISH customers have reported being contacted by people who claim to be DISH representatives collecting money for special promotions or upgrades. For example, some of these callers have offered DISH customers 50% off the normal price of service if they receive an upfront payment via Western Union or Green Dot. They may also ask for DISH account information or personal information, such as security codes, passwords or credit card numbers. These callers are not affiliated with DISH and are not authorized to provide offers.

This message is to remind you that DISH will never call you asking for this or any other information that you have already provided to us. You may be asked to provide this information when you contact DISH directly to verify that you are authorized to access the account and/or make changes.

If you receive a call requesting a payment in exchange for a promotion or upgrade, do not provide any information and disconnect the call. If you have any questions, please contact us at 800-333-DISH (800-333-3474), or chat with us online at mydish.com/chat.

IRS: Early 2013 Tax Return Report!

Tax season is upon us and the scams, viruses, ransomware, and malware guys know it. Be very wary what you open and remember that the IRS won't be sending you attachments. Good luck!

Here's the first blocked "tax" virus of the season. 

Tired of seeing this stuff in your business' E-mail Inbox? Contact Us!

Virus message body;

 Subject: IRS: Early 2013 Tax Return Report!

     From: taxrefund@irs.gov

       To: someone@somedomain.com

     Date: Thu, 09 Jan 2014 05:40:40 -0700

   Reason: virus detected (W32/Heuristic-300!Eldorado)

   Action: deny

Reason: virus detected (W32/Trojan3.HBO)

SCAM Alert - Microsoft E Support Live - SCAM

This just hit a client of ours today. The client called us to see if it was legit and we told them "NO!".

A company calling itself Microsoft E Support or Microsoft U Support Live is calling people and telling them a variety of lies to scam them. Jennifer in this case. Many of the calls will be claiming that Microsoft has detected a virus on your system (they don't do this or really care), or that an ISP detected a virus (possible but doubtful). The goal of the social engineering scam is system access and credit card charges/theft.

Regardless, they will then try to get the victim to enter commands on their system. "Please hold down the Windows Button and press the 'R' key. Now type in 'winver' in the dialog box." (or something similar, maybe inf, or another system file name). At which point  the OS version, or some files will appear, and they will exclaim that the system is infected, and how lucky the victim is that they called.

Next they will try to get the mark to install remote control software like TeamViewer or VNC (both nice software if used by someone you trust). This will give them direct access to the computer. TeamViewer and VNC can be set up for 24/7 remote access without local user authorization. Now they are in and can access the machine whenever it is on AND, maybe even when it is off via the Wake-On-LAN feature on some systems. For a mere credit card number they will happily clean up that computer and probably install a bunch of nasty malware that will grab any other cards the mark has.

Great scam.

Anyway, it is a scam, hang up the phone, tell them to get lost, move on with your day.

Or maybe mess with their heads if you are bored.

Scammer info;

Microsoft Windows Usupport Live or E-Support Live
Operator name; Jennifer
toll free number 888 514 1650 - DON'T CALL THIS NUMBER!

May be associated with this site - www.1stopearcade.com 

Domain Registration SCAM

UPDATED! See Below.

This isn't a message I received personally but it's from a client of ours. I'm posting it as a public warning!

This scam is one all domain owners should be aware of; Asian Domain Registration Service. - www.diicl.org - One look at their site tells you all you need to know about them. We've created a custom blacklist just for these guys!

Don't fall for this! This e-mail is real. They will try to get a domain name owner to register multiple domains through their service by attempting to scare you into thinking that someone else is trying to register your business/domain name. It is a scam! Any domain you like can be registered through the service you already use (GoDaddy, Directnic, etc.). There is no need to communicate with them. Don't even e-mail them back.

UPDATE! A while back I received an article from Christopher Hofman Laursen that has more info on this scam. Here's the link; http://www.europeandomaincentre.com/pages/news-room/domain-management-news/hey!-got-an-email-from-china-domain-name-registration-center-asian-domain-registration-service-in-china-the-department-of-registration-service-in-china-etc.

Bad E-mail Text follows;

On Mon, Sep 9, 2013 at 2:48 AM, Lex Ren <lex@diicl.org.cn> wrote:

(Letter to Head of Brand Business or CEO, thanks)

Dear Sir or Madam,
This is a formal email. We are the department of Asian Domain Registration Service in China. Here I have something to confirm with you. We formally received an application on September 9,2013 that a company claimed MLSN Investment Ltd were applying to register "YOURDOMAINNAME" as their Brand Name and some domain names through our firm.
Now we are handling this registration, and after our initial checking, we found the name were similar to your company's, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we would finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we could handle this issue better. After the deadline we will unconditionally finish the registration for that company.Looking forward to your prompt reply.
Best Regards,

Lex Ren
Tel:+86-551-6343 4624
Fax:+86-551-6343 4924
Address:Ningguo South Road 14, Hefei, Anhui, CN

#Notice to appear in court NO7885-564

A client of our recently got this e-mail and luckily he called us before opening the attachment. I recommended that they upgrade to our Spam Filtering service to avoid this in the future,

Did you receive an e-mail saying you are due in court, with an attachment named something like 03_12_14_Court_Notice_St._Louis_0672.zip ? Legitimate companies and government agencies will not send you a zip file for notification purposes.

This is a Virus, Malware, or Bot trying to infect your system. DO NOT OPEN IT! Delete the message and move on with your day.

SPAM EMAIL TEXT FOLLOWS:

Notice to appear,

Hereby you are notified that you are expected
in St. Louis Court for the hearing of your case in January 11, 2014.

Enclosed please find the copy of the court notice for the case mentioned above.
Attendance compulsory.

Yours very truly,
LARSEN MCCARTHY
Clerk of court.