Over the past few days I've received a rash of offers for unbelievable pricing on various products including Microsoft Office, Vista, Adobe Acrobat, etc..
Clearly this is another SCAM attempt to rip off the user that you need to be very careful to NOT succumb to.
The mail has two basic subject lines:
At Dylan's webshop get 0ffice 2OO7, Acrobat 8 pro & ms-vista under 8O ACR0BAT 8 PR0 & 0FFICE 2OO7 $79 N0W at Jingbai's WebShop
Although the name changes with every spam (Dylan, Karl, Gary, etc.) and looks like the following (note that I purposely broke the links so that they were not easily clickable -- no need to advertise for them):
All Titles 0n S@le. Micr0s0ft Vlsta 2OO7 $79 Micr0s0ft 0ffice 2OO7 $79 Ad0be Acr0bat 8 PR0 $79 Wind0ws XP PR0 +SP2 $49 Ad0be Premiere 2.O $59 Macr0media Studi0 8 $99 Micr0s0ft Money 2OO7 $39 Aut0desk Aut0cad 2OO7 $129 C0rel Grafix Suite X3 $59 Ad0be Creative Suite CS2 $149 Ad0be Illustrat0r CS2 $59 http ://rp1207.tuhloem.com/ See more:Micr0s0ft-Mac soft-Ad0be Micr0s0ft Vlsta 2OO7 Normal Price: $399.00 0ur 0ffer: $79.95 U-save: $319.95 (75%) Availability: Pay-and-download instantly. http ://rp1207.tuhloem.com/???.php SalesRank: #1 Average Customer Review: ***** (based on 60465 reviews) Micr0s0ft 0ffice 2OO7 Enterprise Normal Price: $899.00 0ur 0ffer: $79.95 U-save: $819.95 (89%) Availability: Pay-and-download instantly. http ://rp1207.tuhloem.com/???.php SalesRank: #2 Average Customer Review: ***** (based on 48341 reviews) Ad0be Acr0bat 8.O PR0 Normal Price: $449.00 0ur 0ffer: $79.95 U-save: $369.05 (80%) Availability: Available for INSTANT-download. http ://rp1207.tuhloem.com/???.php Topten-ranked item. Average Customer Review: ***** (based on 51489 reviews) Macr0media Studi0 8 Normal Price: $999.00 0ur 0ffer: $99.95 U-save: $899.05 (90%) Availability: Can be downloaded-INSTANTLY. http ://rp1207.tuhloem.com/???.php Best choice for professional. Average Customer Review: ***** (based on 52823 reviews) rdist-1.3alpha rdist-1.3a no strings like `alpha' allowed o Each nx= entry matches another gettytab capability name C> XCOPY /S E:\FLOPPIES C:\FREEBSD\FLOPPIES\ add 0 0 HISADDR dispense with making the cua* devices. finished with bus, it de-asserts the DRQ line, and the DMA editing the file /etc/host.conf. Do not call this file /etc/hosts.conf
I base my claim that this is a SCAM on the following factors:
- TANSTAAFL - There Ain't No Such Thing As A Free Lunch -- the prices are just too good to be true.
- The names of the products are all changed slightly (zeros for an O, mixed casing, etc.).
- The products are only available via download -- these vendors frequently do not sell their products via download.
- I checked the domain registration (using Network Solutions Whois server at http://www.networksolutions.com/whois/index.jsp):
PacNames WHOIS Server Version 1.1.0 Domain name: TUHLOEM.COM Registrar: PacNames Referral URL: http://www.pacnames.com/ Domain Registrant: (Private Contact) (pws.4441a12478c3e85@shieldedwhois.com) Shielded Whois Shielded WHOIS PO Box 2076 Arvada CO 80001 US Telephone: +1.5016348793 Fax: Administrative, Technical Contact: (Private Contact) (pws.4441a12478c3e85@shieldedwhois.com) Shielded Whois Shielded WHOIS PO Box 2076 Arvada CO 80001 US Telephone: +1.5016348793 Fax: Name Server: NS1.SRUL5.COM Name Server: NS2.SRUL5.COM Domain creaton date: 2006-12-15 18:22:36.0 Domain expiration date: 2007-12-15 23:38:37.0
- It was only registered a few days ago (12/15/2006) - definitely a sign that they haven't been in business long -- something that should raise red flags.
- The domain registrant used a shielded registration (where their actual name and address is hidden) -- something that's OK for an individual to use, but never used by a legitimate business.
- I have received more then 30 different versions of this email in the past week all from different senders with a variety of domains in the link including:
- otkudadeti.com
- goloem.com
- tuhloem.com
- whichinfect.com
- ispesti.com
- votivse.com
- nuujepoh.net
- her-oem.com
- hlopai-oem.com
- hlopai-oem.net
Yes, all of those domains have been seen on different versions of the same email.
- The email had a bunch of anti-spam filter stuff in it to get it by spam filters. Legitimate emails typically do not go to such extents. This includes, slight changes in the names of the products in different emails, a bunch of junk at the end of each message that was random garbage designed to foil anti-spam filters.
This feels like the same SCAM that I wrote about in Vacation Photos, but I have no evidence to tie the two SCAMs together other than my gut feeling.
This is a mail that should be ignored and deleted as soon as you get it. Ordering something from their site is the equivalent to having some guy walk up to you on the street asking for your credit card information for a fake rolex watch hanging inside his pocket. None of us would do that (at least I hope we wouldn't) and none of us should follow through on this SCAM either.
If you do/did fall for this offer, at the very best, you most likely get illegal software that you have no rights to use. At the worst, your identity is stolen and you spend several months trying to repair your credit history. I don't know which they are trying to do, but I'm pretty sure it's not something good for you.
UPDATE: 12/20/06 I've been getting a spate of these advertisements for Windows Vista for the same $79 price:
The most comprehensive edition of Windows Vista, Vista Ultimate Upgrade (DVD-ROM) is the first operating system that combines all of the advanced infrastructure features of a business-focused operating system, all of the management and efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system. For the person who wants one operating system that is great for working from home, working on the road, and for entertainment, Vista Ultimate is a no-compromise operating system that lets you have it all. Windows Vista Ultimate contains a number of new features, the most notable of which are: Windows Vista Ultimate combines all the features of a business-focused operating system, all the efficiency features of a mobility-focused operating system, and all of the digital entertainment features of a consumer-focused operating system; Remotely connect to business networks; Windows BitLocker Drive Encryption provides improved levels of protection against theft for your important business data whether you are at home, on the road, or in the office; Delivers all of the entertainment features available in Vista Home Premium; includes everything you need to enjoy the latest in digital photography, music, movies, analog TV, or even HDTV; Upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000)
Windows Vista Ultimate Upgrade (DVD-ROM)
Retail Price $399.00
Our Price $79.95
You save $319.05
http://grinolt.com
Please note, that there will be more special offers available for our constant customers. Every effort has been made to ensure the accuracy of all information contained herein. DS Team makes no warranty expressed or implied with respect to accuracy of the information, including price, product editorials or product specifications. Product and manufacturer names are used only for the purpose of identification. We appreciate your cooperation with us and we'll be glad to see you as our clients in the future.
If you go to grinolt.com, you see what looks like a detailed page on Windows Vista. If you lookup grinolt.com in the WhoIs database, it looks like it's owned by a "gwynne bontempo" in New Jersey. However, if you look at the link in the add-to-cart button, you see it brings you to yoroem.com which is owned by our old friend "Alex Rodrigez" of Vacation Photos fame and, in my eyes, clearly linking all these scam emails together.
I recommend you stay way from these guys. A deal that sounds too good to be true is too good to be true, especially if coming from someone trying that hard to hide their tracks.
Tags : scam / spam / identity theft / rip off / tanstaafl / microsoft / adobe / vista
3 comments:
Same dudes have this registered.
[Querying whois.pacnames.com]
[whois.pacnames.com]
PacNames WHOIS Server Version 1.1.0
Domain name: VSEHKUPIL.COM
Registrar: PacNames
Referral URL: http://www.pacnames.com/
Domain Registrant: TOTALNIC-128733 (XSALSA@GMAIL.COM)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI
Telephone: +358.207818027
Fax: +358.207818027
Administrative, Technical Contact: TOTALNIC-128733 (XSALSA@GMAIL.COM)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI
Telephone: +358.207818027
Fax: +358.207818027
Name Server: NS1.SRUL5.COM
Name Server: NS2.SRUL5.COM
Domain creaton date: 2006-12-11 17:27:23.0
Domain expiration date: 2007-12-11 22:43:44.0
Wow, Just posted the details of that whois search and then looked at your vacation photos piece so you are right, it is the same folks.
These people are now sending spam using my domain name, meaning not only do people associate that domain with these scum, but I am getting hundreds of "undeliverable mail" emails. Any advice on how to stop this would be appreciated. (Contacting the domain hoster -- Yahoo -- has not helped thus far.)
Post a Comment