Your DNA results are now ready!

This was a weird email to receive since I have never sent off a DNA sample to any company.

Dear Friend,

Your DNA results are now ready!

The results of your DNA sample reveal information about your distant ancestors, including how and when they moved out of Africa and the various populations they interacted with over thousands of years of migration. We hope you enjoy exploring your chapter of the human story.

Sure enough, it’s spam from The National Geographic. The linked page allows you to buy the Geno 2.0 Next Generation kit.

I used to have an NG subscription years ago but I gave it up. I wasn’t reading it, and the issues were collecting dust in a corner. Looks like they’re harvesting their email lists. Anyone else get this email?

Irish Water Phishing Emails

I must have been half asleep when I clicked the link in this email, but Gmail hadn’t caught it yet even though it’s an obvious phishing attempt, so be warned if you get an email warning of “urgent maintenance” of your account. Then again, it’s probably a bad site to phish, since most people are boycotting them. I bet there’ll be people on Facebook complaining that they were sent these emails, even though they’re protesting it! 🙂

Screen Shot 2016-06-09 at 10.55.45

The from address is at Telefonica, and the login link goes to a page at 3i6e5.16mb.com which is a convincing Irish Water login page, looking very like the original.

Screen Shot 2016-06-09 at 10.58.40

Opening both pages in two tabs and switching between them shows no jumps in spacing or changes at all. Irish Water haven’t been around that long either so it’s not as if we’re all familiar with how they compose their email correspondence. Mark as spam and don’t let the bad guys win.

Finbarr Galvin SMS Spam

Finbarr Galvin Ltd Spam SMS

I guarantee I will not be buying my next car from Finbarr Galvin Ltd and you probably shouldn’t either if you want your personal data to be respected. I should have known I’d be SMS spammed by Finbarr Galvin Ltd again. They’re a car dealer in the town of Bandon, Co Cork for those who don’t know them. I bought a car off them around seven years ago, which I traded in for another car two years later.

So, I haven’t had any business dealings with them in seven years.

In the time since then I’ve received a couple of advertising text messages, the last being about two years ago when I remember a lengthy phone call with a sales assistant to get them to remove me from their sms list. They didn’t have an “opt out” method that time.

I’ve tried to remove myself from their list now by texting OPTOUT to 50123 as stated in this text message, but haven’t heard back yet. If I was to judge by my previous attempts to unsubscribe, they probably have to manually remove my number using a chisel on stone tablets or something similarly archaic. This is part of the reason I’m making this blog post, as a reminder for the next time I get spammed by them.

I’m also publishing this because Finbarr Galvin Ltd should only send advertising text messages to customers they have had dealings with and received express permission to message them, in the last twelve months. I told them this that time I talked to that sales assistant:

Marketers may send you electronic mail for direct marketing purposes where:

(i) You have given them explicit consent to do so within the last twelve months, or
(ii) they have obtained your personal contact details in the course of a sale to you of a product or service within the last twelve months, they informed you of their identity, the purpose in collecting your contact details, the persons or categories of persons to whom your personal data may be disclosed and any other information which is necessary so that processing may be fair, and the direct marketing they are sending is in respect of their similar* products and services only, and you were given a simple cost-free means of refusing the use of your contact details for direct marketing purposes at the time your details were initially collected, and where you did not initially refuse the use of those details, you are given a similar option at the time of each subsequent communication. (If you fail to unsubscribe using the cost-free means provided to you by the direct marketer, you will be deemed to have remained opted-in to the receipt of such electronic mail for a twelve month period from the date of issue to you of the most recent marketing electronic mail).

They certainly shouldn’t be using my personal details for advertising purposes after seven years. I hope that OPTOUT text to 50123 was “cost-free”.

Bah.

Extortion by Email Spam

Spammers are getting desperate. I received the following email a few days ago, which somehow got through Gmail’s spam filter:

From: “germes”
To: “donncha” <.....>
Subject: RE: Hello
Date: Sun, 24 Mar 2013 15:37:20 +0000

Hello You received this message because this is an email list for mass mailings. We analyze the list and remove a lot of email. pay you $ 2 or 2 euro, and we will remove it from the list of spam Email newsletters.

webMoney purse
Z180596051821
E943924283321

I presume they meant to say that I pay them to remove my email address from their mailing list rather than the other way around!

Sneaky spammy web forms

I have a feeling the renewal form that Imagine Publishing in the UK uses had this sneaky web form last year too. Read the opt out clauses, carefully. None of the checkboxes were checked by default and as you can see they’re below the “Place Your Order” button.

Sneaky.

 

 

Link Exchange Spammers Are Back Again!

Well, the link spammers never really went away did they? Has anyone noticed a huge increase in the number of “link exchange” emails or is it that I’ve been added to a particularly busy spammer’s list? I just noticed that a few recent ones contained the text “emailsnomore(dot)com” so I’m going to add a gmail filter to delete any emails containing that domain. You probably should too.

Hi,

My name is Daisy Gibson, Web Marketing Consultant. Ive greatly enjoyed looking through your site ocaoimh.ie and I was wondering if you’d be interested in exchanging links with my website, which has a related subject. I can offer you a home page link back from my related websites all in google cache and backlinks which are:

shawntierney(dot)com PR4
collectiveunconsciousltd(dot)com PR3

If you are interested, please send me the following details of your site:

TITLE:
URL:

I’ll add your link as soon as possible, in the next 24 hours. As soon as it’s ready, I’ll send you a confirmation email along with the information (TITLE and URL) regarding my site to be placed at yours.

I hope you have a nice day and thank you for your time.

Kindest regards,

PLEASE NOTE THAT THIS IS NOT A SPAM OR AUTOMATED EMAIL, IT’S ONLY A REQUEST FOR A LINK EXCHANGE. YOUR EMAIL ADDRESS HAS NOT BEEN ADDED TO ANY LISTS, AND YOU WILL NOT BE CONTACTED AGAIN. IF YOU’D LIKE TO MAKE SURE WE DON’T CONTACT YOU AGAIN, PLEASE FILL IN THE FOLLOWING FORM: emailsnomore(dot)com ; PLEASE ACCEPT OUR APOLOGIES FOR CONTACTING YOU.

The worst targeted spam ever!

I honestly thought that spammers had gotten smarter about making sure their emails were taken seriously. Even the most geeky and anti-marketing of developers will realise that big red and bold text, center justified, looks like something out of the last century. I hope for the sake of their business that they put more effort into their backup service.

This email, which I received twice in the last week is just a joke. I would have immediately marked it as spam and forgotten about it but it mentioned WordPress and obviously my email address is on their list of WordPress bloggers. I wonder if they read my blog?

At least they didn’t CC everyone like an Irish guy did a few years back.

If you want me to look at your new service, write me a nice friendly email, address me by name, email me from your own email address, talk to me about something you’ve gleaned from my blog or my twitter stream so I at least think you’re a friendly individual and I may even check out your site.

Bah! Frapz spammed me!

I received a friend request from an oddly named character on Xbox Live the other day. Looked something like wwwwfrapzcouk with some odd characters thrown in here and there. They then spammed me. Grrr.

Frapz Spam

Rather embarrassingly for them, their website isn’t even set up correctly:

Friend removed, and complaint lodged. I don’t like unsolicited commercial messages. Especially on a social network.

Phishing in Irish

Well, this is a surprise. One of my .ie email addresses got a very targeted phishing email. It was so specific that it was actually written in Irish! It wasn’t directed at me, but at a list owner address at linux.ie.
I wonder if the spammers know how many Irish people could actually read their email easily? It’d certainly be easier for most people to read in English.

Aire

Tá mé an tUasal Patrick KW Chan an Stiúrthóir Feidhmiúcháin agus Príomh-Oifigeach airgeadais Hang Seng Bank Ltd, Hong Cong.
Tá mé togra gnó brabúsaí leasa choitinn a roinnt le leat;
Baineann sé leis an aistriú suim mhór airgid.
Fuair mé do tagairt i mo cuardach a dhéanamh ar dhuine a oireann mo chaidreamh gnó molta.
Má tá suim agat i obair liom teagmháil a dhéanamh liom mo trí r-phost príobháideach (mrpatkwchan52@yahoo.com.hk) le haghaidh tuilleadh sonraí

Dearbhófar do fhreagra túisce chun an litir seo a mhór.

An tUasal Patrick Chan
E-mail: mrpatkwchan52@yahoo.com.hk

I suppose it was bound to happen now that Google translates text into Irish. Well done to Gmail for marking it as spam!

Gooochi talks to /bc/123kah.php

This is weird, a huge number of POST requests started to hit the Shite Drivers website a few days ago. The requests came from lots of IP addresses and all requests went to the non existent /bc/123kah.php

The payload was an array that looked like this:

Array
(
    [showed] =>
    [clicked] =>
    [version] => 2.6.2.4
    [id] => c3b342beb6ad7adf39499e7a38f93c09f681611d
    [tm] => 1266855758
    [aff_id] => gooochi
    [net_id] => gooochi
    [safe] => 1
    [exceed] => 2505,2507,2582,2597,2602
)

So I presume it’s the Gooochi malware referenced in this search for that word. Strange that the infected PCs hit my server though.

The traffic was never overwhelming but I decided to put a stop to it with a simple deny from all in a .htaccess file. Much better than having WordPress serve up a 404 page.

I mentioned the 123kah.php file on Twitter and I’m not the only one to see these odd requests. I guess even malware has bugs! (which is all the more reason to keep your anti-virus software up to date if you use Windows)