What are they phishing for?
January 22, 2010 9:37 AM Subscribe
This is a scam (right?). But, what's the deal?
ATTENTION TO THE OWNER OF THIS EMAIL ADDRESS
For the Last time, we are pleased to notify you of your Windows E-Award for 2.5, million. Please confirm if you received our previous message with;
E-ticket number: xxxxxxxxx-xxx,
Category: A,
Draw: 6756
Amount: 2.5, million Dollars
You may establish contact with the Enquiry Officer with the information's necessary: Name:, Address:, Phone:, Cell Phone:, Email:, Alternative Email:, Occupation:, and E-ticket number:
Enquiry officer: Mr. David Berman, Tel: +31 xxx xxx xxx Ext; 1000, E-Mail: [david.berman@live.nl]
NOTE: You are expected to contact the Enquiry Officer for details of claims.
Mrs. Kathrine Gladden
Promotions Co-ordinator
Visit us at www.UHhospitals.org.
The enclosed information is STRICTLY CONFIDENTIAL and is intended for the use of the addressee only. University Hospitals and its affiliates disclaim any responsibility for unauthorized disclosure of this information to anyone other than the addressee.
Federal and Ohio law protect patient medical information, including psychiatric_disorders, (H.I.V) test results, A.I.Ds-related conditions, alcohol, and/or drug_dependence or abuse disclosed in this email. Federal regulation (42 CFR Part 2) and Ohio Revised Code section 5122.31 and 3701.243 prohibit disclosure of this information without the specific written consent of the person to whom it pertains, or as otherwise permitted by law.
Obviously this is as fishy as the internet gets. But, it's strange too.
It got through Gmail's spam filter. Not unheard of, but very unusual.
www.UHhospitals.org appears to be a legitimate site, though what a pediatric hospital would have to do with such a thing, I have no idea.
Kathrine Gladden returns nothing with that spelling.
David Berman, who I assume is neither the musician nor poet, is hard to search for. The phone number (x'd out) has a country code for the Netherlands, and his email address is in the Netherlands, though live.nl appears to be an IP rerouting house of some kind.
The email itself is shown to have come from Annette Courtland from the uhospitals domain in Ohio. Also from Ohio, the author of this uh... strange book may be the same person.
Various combinations of "windows," "e-award," and "scam" return nothing related.
Is it identity theft phishing? Is the information they ask for enough to do that?
Am I 2.5 millionhamburgers dollars richer?
I'm asking because this is a new one on me. It's not written strangely like the others I've seen, and I'm not finding any other references to it. But mostly, because I have a casual fascination with these email scams.
What can I do to get it on the scam map? If I'm thinking twice about this one, some little old lady on an acoustic modem somewhere is typing furiously. Will flagging it as spam do anything?
ATTENTION TO THE OWNER OF THIS EMAIL ADDRESS
For the Last time, we are pleased to notify you of your Windows E-Award for 2.5, million. Please confirm if you received our previous message with;
E-ticket number: xxxxxxxxx-xxx,
Category: A,
Draw: 6756
Amount: 2.5, million Dollars
You may establish contact with the Enquiry Officer with the information's necessary: Name:, Address:, Phone:, Cell Phone:, Email:, Alternative Email:, Occupation:, and E-ticket number:
Enquiry officer: Mr. David Berman, Tel: +31 xxx xxx xxx Ext; 1000, E-Mail: [david.berman@live.nl]
NOTE: You are expected to contact the Enquiry Officer for details of claims.
Mrs. Kathrine Gladden
Promotions Co-ordinator
Visit us at www.UHhospitals.org.
The enclosed information is STRICTLY CONFIDENTIAL and is intended for the use of the addressee only. University Hospitals and its affiliates disclaim any responsibility for unauthorized disclosure of this information to anyone other than the addressee.
Federal and Ohio law protect patient medical information, including psychiatric_disorders, (H.I.V) test results, A.I.Ds-related conditions, alcohol, and/or drug_dependence or abuse disclosed in this email. Federal regulation (42 CFR Part 2) and Ohio Revised Code section 5122.31 and 3701.243 prohibit disclosure of this information without the specific written consent of the person to whom it pertains, or as otherwise permitted by law.
Obviously this is as fishy as the internet gets. But, it's strange too.
It got through Gmail's spam filter. Not unheard of, but very unusual.
www.UHhospitals.org appears to be a legitimate site, though what a pediatric hospital would have to do with such a thing, I have no idea.
Kathrine Gladden returns nothing with that spelling.
David Berman, who I assume is neither the musician nor poet, is hard to search for. The phone number (x'd out) has a country code for the Netherlands, and his email address is in the Netherlands, though live.nl appears to be an IP rerouting house of some kind.
The email itself is shown to have come from Annette Courtland from the uhospitals domain in Ohio. Also from Ohio, the author of this uh... strange book may be the same person.
Various combinations of "windows," "e-award," and "scam" return nothing related.
Is it identity theft phishing? Is the information they ask for enough to do that?
Am I 2.5 million
I'm asking because this is a new one on me. It's not written strangely like the others I've seen, and I'm not finding any other references to it. But mostly, because I have a casual fascination with these email scams.
What can I do to get it on the scam map? If I'm thinking twice about this one, some little old lady on an acoustic modem somewhere is typing furiously. Will flagging it as spam do anything?
Yes, fake contest scams are pretty common. They are going to ask for a fee or say you have to pay tax to claim the money.
posted by interplanetjanet at 9:41 AM on January 22, 2010
posted by interplanetjanet at 9:41 AM on January 22, 2010
Congratulations, you are now a millionare.
In all seriousness, yes, it is a scam. See more at the FBI's website. You could report it here if you want, but I'm sure they get a lot of this.
posted by nitsuj at 9:43 AM on January 22, 2010
In all seriousness, yes, it is a scam. See more at the FBI's website. You could report it here if you want, but I'm sure they get a lot of this.
posted by nitsuj at 9:43 AM on January 22, 2010
You might want to make sure that the link actually goes to www.UHhospitals.org. It's common for them to make the text for one address link to something else, like how www.metafilter.com here is actually linked to Google.
posted by Nattie at 9:46 AM on January 22, 2010 [1 favorite]
posted by Nattie at 9:46 AM on January 22, 2010 [1 favorite]
David Berman, who I assume is neither the musician nor poet, is hard to search for.
Oddly enough, I've known two different (unrelated) people named "David Berman", and both turned out to be creepy/slimy scam artists in the real world.
Maybe it's some kind of sleazy grifter code name.
You're in Texas? Ohio? Call whatever department (Attorney General?) covers consumer fraud in your state and ask them about it. They should know, anyway.
posted by rokusan at 9:47 AM on January 22, 2010
Oddly enough, I've known two different (unrelated) people named "David Berman", and both turned out to be creepy/slimy scam artists in the real world.
Maybe it's some kind of sleazy grifter code name.
You're in Texas? Ohio? Call whatever department (Attorney General?) covers consumer fraud in your state and ask them about it. They should know, anyway.
posted by rokusan at 9:47 AM on January 22, 2010
www.UHhospitals.org appears to be a legitimate site, though what a pediatric hospital would have to do with such a thing, I have no idea.
It's possible this message came from a compromised machine on their network, and their outgoing e-mail server appended this to the message, as well as all that legalese at the end.
posted by FishBike at 9:48 AM on January 22, 2010
It's possible this message came from a compromised machine on their network, and their outgoing e-mail server appended this to the message, as well as all that legalese at the end.
posted by FishBike at 9:48 AM on January 22, 2010
I think that UHospitals footer is an automatic addition by the mail server, which suggests that this scam is being run through a mail server in Cleveland, but almost certainly without the knowledge of anyone at the Hospital.
So yeah, call them too.
posted by rokusan at 9:49 AM on January 22, 2010
So yeah, call them too.
posted by rokusan at 9:49 AM on January 22, 2010
If you think the email was "not written strangely," I recommend honing your editorial/skeptical eye. For instance, the email begins:
As for the reference to a website -- as you said, the message claims to be affiliated with a website that turns out to be legitimate but that's hard to imagine sponsoring a $2.5 million dollar giveaway. You could easily send someone an email claiming to have a prize for them and add, "Please visit us at www.metafilter.com." That's the easiest thing in the world -- it's not a sign of legitimacy.
posted by Jaltcoh at 9:51 AM on January 22, 2010 [2 favorites]
ATTENTION TO THE OWNER OF THIS EMAIL ADDRESSHave you ever written an email to anyone that began "ATTENTION TO THE OWNER OF THIS EMAIL ADDRESS"? If they have such a major prize for you, why don't they know your name? Why not a more polite greeting like "Dear ___" rather than "ATTENTION" in all caps? Having the body of the message begin "For the Last time..." is also an impolite colloquialism. In that sentence, capitalizing "Last" is an egregious error that no legitimate organization would tolerate. "2.5, million" (with no denomination and a comma before "million") isn't a proper way to refer to an amount of money. That's a lot of comically inappropriate writing, and that's just in the first sentence.
For the Last time, we are pleased to notify you of your Windows E-Award for 2.5, million.
As for the reference to a website -- as you said, the message claims to be affiliated with a website that turns out to be legitimate but that's hard to imagine sponsoring a $2.5 million dollar giveaway. You could easily send someone an email claiming to have a prize for them and add, "Please visit us at www.metafilter.com." That's the easiest thing in the world -- it's not a sign of legitimacy.
posted by Jaltcoh at 9:51 AM on January 22, 2010 [2 favorites]
Response by poster: Well, I mean, it makes real sentences at least.
Also, to be clear, I don't think this adds up to legitimacy in any way, it just seemed stranger than usual.
posted by cmoj at 10:06 AM on January 22, 2010
Also, to be clear, I don't think this adds up to legitimacy in any way, it just seemed stranger than usual.
posted by cmoj at 10:06 AM on January 22, 2010
This is actually a lot like the "you have won a foreign lottery" emails - not as common as the Nigerian email scams, but still pretty common.
The schtick is indeed that you've won this fabulous prize -- and if you'll just wire us this processing fee/handlers' fee/tax fine/some kind of money, we'll send it right to you, we promise. And then of course, you send them your money and you never hear from them again.
posted by EmpressCallipygos at 10:14 AM on January 22, 2010
The schtick is indeed that you've won this fabulous prize -- and if you'll just wire us this processing fee/handlers' fee/tax fine/some kind of money, we'll send it right to you, we promise. And then of course, you send them your money and you never hear from them again.
posted by EmpressCallipygos at 10:14 AM on January 22, 2010
The email itself is shown to have come from Annette Courtland from the uhospitals domain in Ohio.
When you say it's "shown to have come from" this person, do you mean only that an address in that domain is listed in the "From:" header? The "From:" address on email is about as meaningful as the return address on postal mail: anybody can put anything they want there, and it will still be delivered. Neither are guarantees that the person listed sent it.
A detailed analysis of the "Received:" headers can sometimes provide information about where it really came from, but the "From:" address should not be trusted on suspected spam.
posted by DevilsAdvocate at 10:25 AM on January 22, 2010
When you say it's "shown to have come from" this person, do you mean only that an address in that domain is listed in the "From:" header? The "From:" address on email is about as meaningful as the return address on postal mail: anybody can put anything they want there, and it will still be delivered. Neither are guarantees that the person listed sent it.
A detailed analysis of the "Received:" headers can sometimes provide information about where it really came from, but the "From:" address should not be trusted on suspected spam.
posted by DevilsAdvocate at 10:25 AM on January 22, 2010
David Berman, who I assume is neither the musician nor poet
Just FYI, David Berman the musician is David Berman the poet.
posted by OmieWise at 10:34 AM on January 22, 2010
Just FYI, David Berman the musician is David Berman the poet.
posted by OmieWise at 10:34 AM on January 22, 2010
And then of course, you send them your money and you never hear from them again.
The sad thing is you actually probably will hear from them again, when they mention there is just one more fee they need to pay before they get the prize. (Repeat as long as it works.) And eventually again from a different e-mail claiming to be an investigator of some kind that has experience recovering money from scams like this.
Scammers are assholes.
posted by furiousxgeorge at 10:38 AM on January 22, 2010
The sad thing is you actually probably will hear from them again, when they mention there is just one more fee they need to pay before they get the prize. (Repeat as long as it works.) And eventually again from a different e-mail claiming to be an investigator of some kind that has experience recovering money from scams like this.
Scammers are assholes.
posted by furiousxgeorge at 10:38 AM on January 22, 2010
It's worth responding to the email just to see what they ask for, sometimes.
posted by tehloki at 10:39 AM on January 22, 2010
posted by tehloki at 10:39 AM on January 22, 2010
One thing to add to the discussion - spam getting through gmail's filters isn't as unusual as you'd think. Every month or two I get a whack of spam messages at my gmail account, usually all at once or in the span of a few days. And we're not talking especially clever spam, just the usual drugs/sex/contest variety.
posted by nicoleincanada at 11:27 AM on January 22, 2010
posted by nicoleincanada at 11:27 AM on January 22, 2010
It seem pretty clear that the email came from a zombied account at UHospitals.org. A lot of business have automatically generated footers whenever an email is sent (law firms, for instance, always have specific disclaimers attached to their emails). The footer has nothing to do with the message.
You might want to send it on to UHospital. They would probably appreacite the heads-up. However, i'm pretty sure that that will do nothing to stop the original scammers.
posted by rtimmel at 11:29 AM on January 22, 2010
You might want to send it on to UHospital. They would probably appreacite the heads-up. However, i'm pretty sure that that will do nothing to stop the original scammers.
posted by rtimmel at 11:29 AM on January 22, 2010
"You might want to make sure that the link actually goes to www.UHhospitals.org."
Sometimes it can be challenging to make sure. Just reading the link isn't always enough. I've seen paypal scams that lead you to paypa1, but they change the font so that a 1 looks identical to an L.
"It's worth responding to the email just to see what they ask for, sometimes."
Ew. No. I definitely wouldn't unless you're using a throwaway email address. Responding can lead to even more spam.
posted by 2oh1 at 11:34 AM on January 22, 2010 [2 favorites]
Sometimes it can be challenging to make sure. Just reading the link isn't always enough. I've seen paypal scams that lead you to paypa1, but they change the font so that a 1 looks identical to an L.
"It's worth responding to the email just to see what they ask for, sometimes."
Ew. No. I definitely wouldn't unless you're using a throwaway email address. Responding can lead to even more spam.
posted by 2oh1 at 11:34 AM on January 22, 2010 [2 favorites]
Same as every other "you've won $X!" scam email. They just zombied a machine at some hospital to do it. Welcome to 2003.
posted by jckll at 11:38 AM on January 22, 2010
posted by jckll at 11:38 AM on January 22, 2010
Flagging it as spam in Gmail will help other people -- they log what is labeled as spam to make their spam filter smarter over time. See here.
posted by melissasaurus at 1:49 PM on January 22, 2010
posted by melissasaurus at 1:49 PM on January 22, 2010
not as common as the Nigerian email scams
This is a Nigerian email scam. Holland is a nice virtual base for African scammers, thanks to good infrastructure (including VOIP providers) and a huge airline hub that's just a roundtrip away from Nigeria.
posted by effbot at 2:34 PM on January 22, 2010
This is a Nigerian email scam. Holland is a nice virtual base for African scammers, thanks to good infrastructure (including VOIP providers) and a huge airline hub that's just a roundtrip away from Nigeria.
posted by effbot at 2:34 PM on January 22, 2010
Responding can lead to even more spam
This is true, and you should probably be aware of it before attempting to troll a scam artist.
posted by tehloki at 11:44 AM on January 24, 2010
This is true, and you should probably be aware of it before attempting to troll a scam artist.
posted by tehloki at 11:44 AM on January 24, 2010
This thread is closed to new comments.
posted by reptile at 9:38 AM on January 22, 2010