Wednesday, February 21, 2007

Crazy E-mail Day

I survived the DST update at work (so far) and life is getting back to some semblance of normalcy. There is a good bit of follow up required and minor issues to stay on top of, but on the whole I would call the patch and update effort a good success.

In between tracking down the final few rogue calendar entries that refused to update this past Friday night, I checked my gmail and had two "phunny" e-mails. Most Phishing e-mails are pretty easy to spot and understand the angle that is being shot. The first one I got (on my work account actually) is the standard type:

Dear Telus member,

You are receiving this email with regards to your personal account.

Please read carefully before continuing as some vital information is being updated.

Your account is showing to be incomplete due to a data failure in our systems and you MUST provide us with a correct information within 48 hours of receiving this email.

Failure to comply will result in account termination.
To update your account provide us with the following datas:

1. Maiden name:

2. Primary and secondary email address:

3. Account Password:

Ensure the informations are correct carefully before submitting it, mistakes can terminate your account.

Thank you for your support.
Account Supervisor Team

The grammatical and spelling errors usually are a pretty good tip that something is not right. If you are a major company and you are sending a communication to all your consumers, don't you think that it would go through at least one or two reviews and someone would catch the "informations are correct" and the "provide us with a correct information"? Secondly, a close look at the Sent From "" and the Reply To "Please respond to" fields are another big red Stop sign. Finally, how many times are people warned that, "XYZ will never ask you for your password and blah blah blah"?

I guess there are enough complete and total morons on this planet that these horrible phishing e-mails are +EV for the creators.

The second one I received, and the motivator for this post, was a little more interesting. I am curious what the angle is here. Driving traffic to a site for ads? Hosting malicious code and driving my browser to it so I can be infected? It does not ask for any info... but it caught my attention in the Inbox:

From: Beat me (
Subject: Beat me in poker and I 'll pay for your trip to vegas
Hey Bud ,
I heard on the boards you are a preety good Poker Player.
well, I can beat you ass in any type of poker and mostly texas holdem any given day.
Come visit me in my favorite poker room, get a decent bonus and the best of all,
If u beat me in the game I will pay for your Trip to VEGAS!!!
look for user 'playpokerwithme'

See you Tonight on

Since I am at work and I don't understand the "trick" here, I did not visit the geocities site on the link. I would not advise anyone else to either. I am curious if other people got this e-mail, perhaps my address was scraped from this site?

In addition to all the unanswered questions above, the most lingering and perhaps most important is - Could beat me ass in mostly texas holdem?


D said...

I think Duggle had posted the same email before. I received it also.

Spoofers1011 said...

Because I am a 21st Century digital boy. I don't know how to live, but I have alot of toys....

Sorry to hear you had an attempt on your digital security. I have been there. I am experiencing technical difficulties as we speak.

Stay Strong Donks.