NEWS FROM THE LAB - Friday, February 1, 2008

Website Partnership Enquiry Posted by Sean @ 16:02 GMT

We were asked about some spam messages today.

The subject lines are Partnership Enquiry and Website Partnership Enquiry. The names of the senders include Richard Thompson, Edward Johnson, Daniel Lee, Jason Miller, George Nelson, et cetera.

The content of the messages are as such:

     To: *deleted*.com
     Subject: Partnership Enquiry


     My name is Jason Miller and I am contacting you to discuss the option of purchasing a text link
     or banner on your website (*deleted*.com ).

     Could you please tell me what is the price of one text link:

     1) on your homepage only
     2) all your pages
     3) banner ad 120x60, 125x125 on homepage
     4) banner ad 120x60, 125x125 on all pages

     Thank you in advance!
     Jason Miller

Here's a screenshot of another:

Website Partnership Enquiry

It's clearly spam. But what's the goal — how does the scam work? The sender wants to buy something, so how does he steal your money?

It's a form of Advance fee fraud alias Nigerian 419 fraud.

If you fall for the bait and sell something for $2000, you'll receive a check for $3000. The perpetrator of the scam will then claim that a mistake was made and ask that you refund $1000 via money transfer.

So you send $1000 via money transfer, which cannot be stopped… and in the end when it finally clears, the $3000 check ends up being a fake.

It's an old fraud that uses technology for a clever new bit of social engineering.

These messages are being sent to website contact addresses and are including the site name in the body of the message. This results in a message that feels almost personalized and might potentially lower the guard of the recipient.