Yahoo! Lottery: What’s wrong with this picture? (a lot)

When it comes to spotting phishing emails I feel that it’s a really easy thing to do. But then I think about the number of messages I get from users asking about our “lottery” and I am reminded that not everyone has had the same degree of experience.  Having worked at PayPal, eBay, and now Yahoo!, I have a bit of a PhD in phishing, and would like to spread some knowledge.

If you have been reading for a while you may remember way back in May when I offered up a breakdown of some recent Yahoo! Lottery and PayPal scams that were floating around.  As you can imagine these scammers are persistent and new styles are always popping up.  Below is a recent attempt at a lottery scam that I found particularly bad.

While phishing messages are known for their bad grammar and spelling, this one really sinks to new lows.  I’ve marked up many of the mistakes in red, but I’m sure there are a lot more.  Anyway, the first things you might notice are that “I D” and “PRICE” are misspellings (they are going for ID and prize).  I guess that might slip by but then you can easily see that the “YAHOO INCORPORATED” email address is in fact from @walla.com.

Next we can proceed to the stuff that makes our brand folks all twitchy…the inconsistencies.  There must be a dozen references to Yahoo! in this message, yet they never spell it the same way two times in a row.  Some have the “!” at the end, others don’t.  Some are ALL CAPS, others are not.  In fact the whole message bounces back and forth between different font styles.

You’ve also got references to the All-New Yahoo Mail Beta (hasn’t been beta for a year), and the Yahoo Male Classic (I guess it’s for guys only).

http://ymailupdates.com/blog/wp-content/uploads/2008/08/lotto1.png

Then of course we have perhaps the most insulting gesture from this scammer.  He wants you to claim your Yahoo! “Price” by contacting him at a gmail address?!?!?!

http://ymailupdates.com/blog/wp-content/uploads/2008/08/lotto2.png

As you move further down the message there are of course more references to “Price” (instead of prize) with the requisite request for personal information.

All in all this message has all of the signs, including perhaps the biggest warning sign of all…if it sounds too good to be true, it probably is.

So if Yahoo!, PayPal, eBay, your bank, or pretty much any site asks you for a bunch of personal information in an email you need to remember a few things.

  • Most major sites know better than to ask that of their customers.
  • If a site is warning you that your account is going to be shut down, you should try to contact the appropriate customer care team directly.
  • When contacting the site to ask, be sure to use your normal methods, not the links within a suspicious email.
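
The warning signs walked through above can also be checked mechanically. The following is an added example, not code from the original post or from Yahoo!: it scans a constructed sample message for those signs, and the sample text, the brand-domain set, the free-mail list and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the signs described in the post; not a real message.
SAMPLE = """\
From: "YAHOO INCORPORATED" <winners@walla.com>
Subject: YAHOO! LOTTERY WINNING I D

Congratulations from Yahoo Mail! Your Yahoo! I D won the YAHOO price.
To claim your Price contact our agent: claims.agent@gmail.com
1. Your Full Name:
2. Telephone Numbers:
3. Contact Address:
"""

BRAND = "yahoo"
BRAND_DOMAINS = {"yahoo.com"}            # assumption: domains the brand sends from
FREEMAIL = {"gmail.com", "hotmail.com"}  # assumption: illustrative, not exhaustive
PII = re.compile(r"full name|telephone|contact address|occupation", re.I)
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def is_brand_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)


def warning_signs(raw):
    """Return the warning signs found in a single-part plain-text message."""
    msg = message_from_string(raw)
    if msg.is_multipart():
        raise ValueError("example handles single-part text messages only")
    body = msg.get_payload()
    name, addr = parseaddr(msg.get("From", ""))
    text = f"{name}\n{msg.get('Subject', '')}\n{body}"
    signs = []

    # 1. Display name claims the brand, but the address is on another domain.
    if BRAND in name.lower() and not is_brand_domain(domain_of(addr)):
        signs.append(f"sender-domain-mismatch:{domain_of(addr)}")
    # 2. The brand is written three or more different ways in one message.
    spellings = set(re.findall(r"yahoo!?", text, re.I))
    if len(spellings) >= 3:
        signs.append(f"inconsistent-brand-spelling:{len(spellings)}")
    # 3. The "claims" contact is a free webmail address, not a brand address.
    for contact in sorted(set(ADDRESS.findall(body))):
        if domain_of(contact) in FREEMAIL:
            signs.append(f"freemail-contact:{domain_of(contact)}")
    # 4. "price" used where "prize" is meant, next to a win/claim verb.
    if re.search(r"\b(?:won|win|claim)\b[^.\n]{0,40}\bprice\b", text, re.I):
        signs.append("prize-misspelled-as-price")
    # 5. The message asks the recipient to send back several personal details.
    if len({m.lower() for m in PII.findall(body)}) >= 2:
        signs.append("requests-personal-info")
    return signs


if __name__ == "__main__":
    for sign in warning_signs(SAMPLE):
        print(sign)
```

Each sign on its own is weak evidence; the point of the post is that a message like this one trips all of them at once.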

51 Responses to “Yahoo! Lottery: What’s wrong with this picture? (a lot)”

  1. marc gritz says:

    if it is adderessed to undislosed resipeant even if s[elled korektly i dont think it shud reech u

  2. norma hammond says:

    you need to get the word out & I sure hope that people aren’t so gullible that they will step in with both feet instead of one. Check it out. If it sounds too good to be true it probably is too good to be true. Use the brain God gave you.

  3. dag says:

    A couple of years ago, I received an email that appeared to be from my credit card co. telling me to “click here” for important information about my account. I know better than to “click here” on these types of emails, but for some reason, I called the credit card co using the number on the back of my credit card. Get this – the email was a real email from them! They were trying to confirm some unusual activity on the card (we were out of state). I really ripped them about sending an email that appears to be phishing – even on their site, they warn about clicking on links in emails because they could be phishing for information! I still get regular emails from them telling me that my statement is available with links to click to get to their login page. I delete them all as junk and use a bookmark to get to their login page.

  4. Barb says:

    I have tried to send these annoying pieces of junk back to senders…Most of the time they come back to me as “no such address”
    Don’t get it!

  5. Rick says:

    heck i enjoy getting e-mails from around world. if i collected all the millions they say i have won or been owed, i would not be wasting my time on this puter! the fun is in answering them, they say contact this and that person..and then they want me to pay for them sending money to me..thats where the dumbells, screw up..now its my turn to tell them they pay for shipping and handling..and all the other baloney that goes with it..does it have virus in it..no, and my puter will not receive any e-mails, with garbage in it..best part they change e-mail addys all the time..so i send reply back to them via the shills addy…and if hes dumb enough to open it too dang bad…seems to me if ya get mail from uk, or any other place, you should have enough security in your puter to eat it up and spit it out..puter are only as good as person who uses them..and if gov gave me right to shoot those hackers, and they paid a darn good bounty for doing it.. i would be out every day blowing them away..they aint hard to find..end of story..THEY CALL ME RICK.

  6. barakah says:

    mmmm

  7. Angie Tadeo says:

    I’m getting very tired of the number of “scammers” contacting me!
    The “South African bankers”, the “Irish Lotto”, the “Yahoo draw”, and others. What a bunch of losers! But these losers’ e-mails are getting “better looking”. I hope people don’t continue falling for it.
    War against these criminals!

  8. ash says:

    Apart from the anti-spam, is it possible to also give us the option of bouncing the mail back to the sender?

  9. AKG NAIR says:

    Thanks a lot Mr. Ryan Knight

    Well, I was wondering how to contact u, to tell u that I keep winning Yahoo Lotteries and never got paid. Latest is from “missreturnerf” as shown below:

    You E-mail Won $500,000.00 Yahoo! Mail Congratulates You!!!
    THE BETA INTERNATIONAL DRAW.
    Barley House
    Harold Road SM1 4TE
    Sutton, Greater London.
    THE BETA WINNING NOTIFICATION

    and too much bla bla this

    1. Your Full Name:
    2. Telephone Numbers:
    3. Contact Address where you want your ATM Card be sent:
    4. Age and Current Occupation
    CONTACT PERSON: DR. EMMA ROTHSCHILD
    INTEGRATED PAYMENT DEPARTMENT IN UK
    EMAIL: dremmarothsc@gmail.com
    TEL PHONE: +44 70457 56519

    don’t even have a yahoo id.

  10. Raj says:

    The “Real” Yahoo male shows today the 4th of Sept. as FRI along with weather report!

  11. Glenn says:

    Some things are obvious to some people but not to all! What you may see as an obvious scam others may see as a legitimate deal, hey they may have bought things in the past that led them to believe this was genuine.

    I get regular emails with much worse English than shown here and I also get them where it is difficult to tell. I would never follow up on an email though, I would always go direct from a new browser.

    I do not use my spam filter and my reasoning for that is so I can see what tactics are being used and how the scammers are changing things. Getting emails from one bank with another banks email address is a dead giveaway.

    But if they are going through the effort of getting it to look right, then there are some people out there that are getting caught on scams like this.

    My own rules are, if it costs me money or I have to use any of my personal details, hit the delete key. I did send lots of these sorts of things on to the relevant companies but gave up after the lack of response even an automated one.

    If I believed all my emails I would be the most well endowed male who can keep women happy all night long I’d also have a degree in everything and be worth billions but with bank security issues.

    If it looks too good to be true then walk away

  12. Stephen says:

    Dude! Stop blogging about obvious stuff and try paying attention to the bad service you are blogging about. Search doesn’t work – it misses results, RSS sucks – can add or remove certain feeds. The entire interface bogs down if it’s open for a day.

  13. Mel says:

    While it is generally true that you can’t win a lottery if you don’t enter/purchase a ticket, the thing about the scam that Ryan posted is that it clearly says that they pulled the winning entry from all active Yahoo! mail accounts. So…if a person is inclined to be roped in by something like this, they’re not thinking “Wait, I didn’t buy a ticket.” They’re thinking, “Yes, I have a Yahoo! account and the email says that I’ve won because I have an active account.”

    Wenona kleser is right regarding the fact that a lot of people don’t even know bad spelling when they see it. Do a search of the misspelled word ‘innane’ (correctly spelled ‘inane’) and you will see how commonplace it is for people to repeat the bad spelling they see on websites, etc. One of the most proven ways that people become good spellers is by reading, but if what they’re reading is wrong, the mistakes just get repeated. That’s why website editors should be more careful in proofreading what gets put online. Sorry to grouse. :(

  14. alex_mayorga says:

    Ryan,

    I assume there’s also a lawsuit already going on (http://ycorpblog.com/2008/05/30/scammers-take-notice) aside from your insightful proofreading :)

    Oh! BTW there’s spam up there in the comments as well, time to throw in some reCaptcha (http://recaptcha.net) love :)

    Thanks and keep up the great work.

  15. seun says:

    You are doing a great job, keep it up. I think we should all work together and eradicate all these fools.

  16. Cheryl says:

    Thanks. Not that I would have fallen for this, but it’s good to know that someone is on top of things. What an idiot…..he should probably invest some of the scam monies on learning the English language first!!! (Price)

  17. thetwo says:

    Nobody invited me to the lottery.

    Nice article, Ryan. Have you done a phishing blog about emails that look really good, like the real thing? I got one from my bank, I thought, and still don’t know if it was a scam or not.

    Keep up the good information.

  18. sudirman says:

    nice. more information. shot word give me more knowledge. what ever i spot this web.. thank you very much

  19. Lisa says:

    Well I just stumbled on to this and thought it was very informative. We need to know what they are doing that way it makes it harder for them to continue. They have to at least learn how to spell. I see any emails that I don’t know or looks phishy…and they are deleted and emptied…
    I did work for an internet company for a few years and you would be surprised at how many people are not wise to these things….
    I will keep reading this now that I know where it is…Thanks and keep up the great work…

  20. moe loucks says:

    thanks for the information. guess we have to look at things before we have a problem. always good to know.

  21. kymmi says:

    I’m always getting this mess from these “so-called” lottery scammers. Then they have the nerve to ask for some money so they can send the money u won. Sick aint it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  22. theone says:

    sometimes I play with these people. Tell them to meet me somewhere, or send me more info, until I tired of them, then show them what they up to…

  23. Ilgaz says:

    I have no clue how you dare to joke about Yahoo lottery scam which I prevent by a single out of 15 filters easily.
    Question to ask: How can that mail end up in my inbox?
    No need to be PHP genius, a basic program like
    IF it has “Yahoo lottery” and NOT domain keys verified, send to spam folder and CC it to phishing department.
    It is all needed.

  24. Zee Lee says:

    It’s about time someone pointed that out. I think it should be in the pop-up banners.

  25. cp says:

    That was so funny reading that. It reminds me of this e-mail that I got from (supposedly) Publisher Clearing House. It wasn’t from PCH of course but a few days later I received a check(phony) of course for almost $4,000.00. I was told in the letter to deposit it in my bank account and when it clears to send these people the money so they can send me the big check of $57,000.00. I thought it was so funny. Here’s what I did. There was a phone # on the letter. I called! I told the guy that I received a letter and a check for $57,000.00. He said “yes you did. Please deposit the money and when it clears send it to us.” I asked him why would you send me a check for that amount to deposit and tell me it’s for fees and taxes and other things but in order for me to get the big one I have to send you the small one back. That doesn’t make sense. You know this is how people get scammed. Oh let me tell you he didn’t like that. He denied it was a scam over and over. I told him I wasn’t that stupid. I wanted to know why they didn’t just send me my $57,000.00. in the beginning. Of course he didn’t have an answer. I thought it was so funny. Finally after messing with the scam artist I hung up and went to my shredder and shredded my $4,000.00. I’m broke now!

  26. Tyler says:

    I can’t believe people would actually believe in this kind of a scam. The MS lawyers need to actually do something.

  27. Joe says:

    Thanks for the information Ryan, you just might save someone a great deal of money and trouble for your efforts. I received a similar email from a phisher, claiming to be from Paypal, wanting my personal ID and logon information. Luckily, I’m smarter than the average bear, so I turned the email over to the real Paypal site. I have to say that the email I received looked quite a bit better than this one, which begs the question…

    How is it that these people, who obviously possess enough intelligence to develop this scheme, and create a flashy email, can’t even produce proper basic grammar? – it’s baffling to me that these people exist!

    Anyway, bravo to you, Ryan! You’re doing a great service to those less experienced!

  28. BR says:

    OT – Ironic that a blog that markets itself thusly – “To put it simply, this is where you should go to find the latest scoop on Yahoo! Mail product updates, new releases, bug fixes, service enhancements” – isn’t covering the current outage affecting many users who are getting the dreaded Error Code 2 in Yahoo mail. I’ve been down for two days, others longer.

    I realize it’s a free service but I am locked into Y! in many ways. A free service that doesn’t work is not helpful.

  29. crystal says:

    just wanted 2 say thanx 4 the info on the yahoo lottery i get a lot of those emails is there actually a real yahoo lottery at all?

  30. Mariana says:

    Thanks for the info!

    Regarding spammers, phishers, and the like – I have to give praise to Y-mail spam filter. I’m using old mail (new one is too slow on my bucket of computer), and 99% of these types of emails go right into spam. While my friends get tons of spam every day on their various accounts right into their inboxes, I simply hit “delete”, heh :)

  31. wenona kleser says:

    There is one thing to remember when you think “Wow, some ppl must be stupid to believe in something like this”. People will believe a lie for two reasons: because they fear it or they want it to be true. Who doesn’t want to win something? Especially money? Especially an amount of money that can give them whatever they need, and leave extra for what they want? Some ppl will do anything to have that–hence the phishing schemes in the first place. My opinion is if they actually spent the time helping people instead of scamming them they would find a more satisfactory life.

    Another thing to consider…Some ppl really don’t spell well. I’m a FREAK when it comes to typos and misspelled words–they drive me nuts. However, not everyone is like me and there are ppl I talk to on a regular basis that don’t know how to spell simple words. They aren’t of lower intelligence, they are just not good at spelling. To some ppl something like that would look completely fine. Another bid for better spelling and reading skills in school but that’s just my opinion…..

    One last tidbit–if you didn’t pay for a lottery you can’t win. There is no such thing as a free lottery. The money you pay for the ticket goes towards a few things usually. Part of it goes to schools, part of it goes towards paying the prize and I’m not sure what they do with the rest. I do know that most places start a lottery to make more money for something they need, so if you don’t pay you can’t play and of course winning is not an option.

    I don’t play lotteries so when I see one of these types of e-mails I automatically delete them.

  32. =bg= says:

    I’m not sure who is dumb enough to fall for this type of scheme. Meanwhile, I am requesting all Yahoo Mail users to wire transfer to my offshore account ten million dollars. I am building an orphanage for the children of Nigeria and your funds will be put to good use. Promise.

  33. Yinkus says:

    You are wonderful. This is a way of fulfilling God’s injunction of being one’s brother’s keeper. With this information many who might fall prey will have their eyes open. Thanks.

  34. Jackie Torres says:

    Ryan Knight u are adorable…and very smart for what I can see…; )

  35. mindalou says:

    Gmail Address is a Google Mail Account. So, that is why Yahoo! is being insulted.

  36. mindalou says:

    wow, never knew that would happen! :)

  37. EdS says:

    Wow, these folks must not have gone to phishing 101 for it to be that bad. A few other notes:

    1. The MS lawyers must have them scared to death as their scam is powered by Window Live, not Windows…..

    2. and the Him capitalized…this guy must be kin to a religious figure.

    3. I also noticed that in one place they put baank instead of bank, guess they’re only looking for sheep!

  38. Mailman says:

    What is a “gmail address”??!!

  39. Mel says:

    You’re right. People should be warned. It’s incredible to consider sometimes that people fall prey to things that might seem obviously suspect to most other people, but it happens.

    For years, we’ve been warned about how to spot phishing scams, etc. The crooks still make the same mistakes while more potential victims have wised up. I’d therefore say that the proof is in the pudding: awareness helps protect people without giving the bad guys a leg up.

    If there’s a serial killer stalking women and the evening news reports the story in order to warn women to be more careful, it would be silly to say that by doing so, we’re showing the serial killer (or potential serial killers) how to better their game. Public interest has to be weighed against other considerations.

    Thanks for keeping users informed.

  40. Wes Jacobs says:

    Ryan, thanks for the info. That example is laughable!

  41. Goldie says:

    The BIGGEST clue is: If you didn’t buy a lottery ticket (or enter in some way) you CANNOT possibly win!!!

  42. Ryan says:

    Touché Dave…you have me there. Though in fairness I’m only asking you to read and learn, not send me all of your personal information and/or a $10,000 wire transfer.

    I hope we all would expect a little more formal polish from a service announcement, restriction notice, password inquiry, etc. than we require from my feeble attempts at writing.

    And I blame the image problem entirely on the Gremlins.

    -Ryan

  43. Ryan says:

    Thanks Maowbro,

    I can see why Dave would feel that way, however I agree that users need to be reminded of these telltale signs.

    Scammers have been making these same types of mistakes for years, and in fact this is one of the worst I’ve seen. They aren’t reading this blog in hopes of finding tips to better scam our users.

    -Ryan

  44. Dave says:

    Kinda funny, in a way….

    Talking about the lack of “polish” from the phishers, but saying You’ve also got references to the All-New Yahoo Mail Beta (hasn’t been beta or a year) (note that “or a year”) and links to images that never show.

    :)

  45. Sushovan says:

    The images are broken, Ryan… couldn’t understand the post without it

  46. Maowbro says:

    It is vitally important that users be kept informed about the phishing tactics used by scammers. Ryan is doing the right thing by pointing out what a lot of us consider to be obvious scams but are perhaps not so obvious to others. When I was a contributor to the Y!Mail topic of Yahoo!Answers, I spent more time answering questions from people who truly believed they had won something from the Yahoo Lottery. If users aren’t given the facts about these scams (and how to avoid them), many more will be sucked into those scams.

  47. Dave says:

    Don’t you think that by pointing out these “errors” here you are instructing the scammers on how to improve their ploys?
