Announcement

Collapse
No announcement yet.

Seriously, spammer?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Seriously, spammer?

    I work for a gigantic tech company of which approx. every human soul in the civilized world has heard of. I certainly don't work in sales, and even if I did, our company doesn't exactly cater to individual retail customers.

    What spam do I get the other day?

    "Hello Sales,

    I would like to order the below items from your store, kindly confirm pricing and availability on it and get back to me or if you could get them for us on a special order which we would be ready to pay for.

    1,Seagate Expansion 1TB USB 2.0 Desktop External Hard Drive

    2,HP OEM ORIGINAL 78DN (C6578DN) Inkjet Cartridge, Tri-Color

    3,HP OEM ORIGINAL HP 96 (C8767WN) Black Inkjet Print Cartridge

    To be ship to [Address of an empty house here... I looked it up on Google Maps.]

    We would also need you to confirm the types of credit card accepted by you."

    What possible reason would this clown have for spamming anybody at my company? I've never gotten this sort of spam in my personal account, so I can only think it's targeted at my company. Which makes absolutely zero sense whatsoever.

    In any case...

    The a$$clown is obviously going to use stolen credit cards to buy easily re-sold goods to be delivered to an empty house. (I suppose I should be relieved there isn't a gullible Mule involved) I'm tempted to play along (using a throwaway e-mail address), but I'm not sure how I would get the stolen number(s) to the proper authorities.

    They used the name of a real business (albeit one in a different state) but a bogus domain name. (BusinessNameInc.com (fake) vs. BusinessName.com (real)
    Last edited by sirwired; 02-14-2013, 04:04 PM.

  • #2
    I would also be concerned that it may be a spearfishing operation, attempting to plant some type of trojan inside your corporate network. You may wish to have that PC checked for nasties and/or odd behavior.

    How up-to-date are the patches on *all* the applications as well as the OS? As an example, there is a known unpatched exploit for Adobe Reader being used right now.

    Non-Chinese activists are being targeted with an 3-year-old exploit of MS Office for Mac...

    And there are some exploits out there that only the black hats know about...
    I am not an a**hole. I am a hemorrhoid. I irritate a**holes!
    Procrastination: Forward planning to insure there is something to do tomorrow.
    Derails threads faster than a pocket nuke.

    Comment


    • #3
      The e-mail's just text, so no chance of that kind of nefariousness here...

      Comment


      • #4
        We get those all the time. It's a chargeback/stolen card scam.

        The person emailing you has a stolen card (or more likely, a series of stolen card numbers) that he's trying to use. So he orders a bunch of crap from random companies to be shipped somewhere he can get it (but he doesn't live), and when the card is reported stolen, he keeps the stuff and doesn't have to pay anything. Usually the product ends up either re-sold or used.

        Usually you can tell because it's an unsolicited request, no backstory, no customer history, the billing address and shipping address are different (or they say "I'll send someone to pick it up"), and it's for a very popular and/or well-known product. Generally expensive, as well.

        Comment


        • #5
          I'd suggest finding the non-emergency number for the local police department and asking them for advice, or sending it to your company's legal office. I don't know if anyone's going to actually go after them, but it's worth trying.
          It doesn't matter if you win or lose, as long as you look really cool doing it! -- Julio Scoundrel, Order of the Stick

          Comment


          • #6
            Anybody have access to a Visa/MC Acct Number -> Bank decoder? I figure if I can get the relevant numbers out of the guy, I could just call the involved banks directly.

            Comment


            • #7
              Foxfire is right; Forward it to legal. They're probably used to seeing this sort of thing, and likely have procedures in place already.

              Comment


              • #8
                To be ship to [Address of an empty house here... I looked it up on Google Maps.]
                Empty house? like no house there or just a vacant home?
                (although google maps do tend to be at least 6 months old sometimes... or older)

                Comment


                • #9
                  Quoth PepperElf View Post
                  although google maps do tend to be at least 6 months old sometimes... or older
                  At Google Maps, we're proud to say that we no longer send people to the wrong towns or have them make unnecessary U-turns!

                  Comment


                  • #10
                    Quoth KiaKat View Post
                    Foxfire is right; Forward it to legal. They're probably used to seeing this sort of thing, and likely have procedures in place already.
                    I'm not sure what legal would do with it; I doubt there's a single department in the entire corporation that takes credit cards, so there's no merchant bank for them to call. (Customers that work with us directly order $100k's of stuff at once, and those that don't work directly go through resellers.) I don't see corporate security touching it, as there's zero security threat to my company. (As in, even if the e-mail were to find its way to the company's most gullible employee, he/she would have no way of actually taking an order for said fencable goods; we're a gigantic Corporate IT firm, not NewEgg.)

                    I can't even go to their Domain registrar, because they want full headers for any scam e-mails, and the corporate mail program simply doesn't provide them to me.

                    Quoth PepperElf View Post
                    Empty house? like no house there or just a vacant home?
                    (although google maps do tend to be at least 6 months old sometimes... or older)
                    The house is empty and for sale.

                    Comment


                    • #11
                      Well, never mind. Their domain is now offline... looks like somebody filed the appropriate fraud report with their domain provider.

                      I wonder what the "half-life" is for these scam domains? I wonder how many got through before it was shut down? I have to imagine that those that send out these spams pretty much sit by the computer waiting for the replies to come in prior to the shutdown.

                      Comment

                      Working...
                      X