My secret?

I love this site! Every morning, I now login to my SpamCop.net account, and I paste in the entire email message (including headers) and his submit. Spamcop.net analyzes the email to figure out who actually sends it, and then you can alert the actual domain owners (or people in charge of fighting the spam).  I opened an account for $2 (you can try it for free too) and am just thrilled to be able to do my little part to get back at the folks who spam me. It takes me less than 10 seconds to report each message.

I use Thunderbird for my email application, and in Thunderbird you can quickly view and copy the full message by clicking on “View” and then selecting “Message Source”. I then select all, and copy, and paste right into SpamCop.net’s field.

If you use Outlook and want help copy/pasting the email with full headers, please leave a comment on this article and I’ll look it up and report it here. Or if you know how to do this with Outlook, leave that in a comment as well.

Give it a try, it makes you feel good, really, it does!

“Two law firms, Beck & Lee from Miami and The Weston Firm in San Diego, have filed a class action lawsuit in Los Angeles federal court alleging unfair business practices by local business review and rating website operator Yelp.”

Read the full article from TechCrunch.com

I called this particular company to find out a) what this mysterious “platform” change is and b) how they got websites prepared. Needless to say their answers made absolutely no sense at all. So if you get a cold call from a company who tries to scare you into hiring them to do SEO work, do your homework, ask your web designer to check into them, or make sure you can independently verify all of their claims. Don’t fall for the mumbo jumbo and scare tactics!

zipweb.com is a internet search marketing company like Dex and YellowPages. They have a directory that they’ll list your business in for a price. They make cold calls to small business owners with websites and make a pitch that sounds too good to be true. Here’s what my client says:

“They offered a one-month free trial of their ad service, promising to list me on Google, Yahoo, etc. (85 places total) and I very explicitly said “Do I need to cancel this or will it stop on its own?” They said it would stop on its own and I would get several notices by email first.

My service apparently got billed on November 30th for the month to come, and I called on Dec 1 to cancel, just in case. I hadn’t heard about the bill yet and was surprised on the phone.

Then I told them to cancel and reverse the charge, which, after some hemming and hawing, they did do. Or at least, they said they did.

I gave no credit card info, but they billed me via the phone company!!“

I found this article on ComplaintsBoard.com about another person who had their phone bill charge without their consent. I also found an article called ZipWeb Beware. And yet another one here. And still another one. The stories are all virtually identical. After being told something was a free trial that would NOT self-renew, customers felt safe in saying yes, because they hadn’t given zipweb their credit card numbers. But apparently zipweb is able to bill people via their phone numbers – without their knowledge or consent.

Be careful out there small business website owners. Even free trials aren’t actually free…and while my client got the following from zipweb, we’ll see whether she actually gets her money back:

To Whom It May Concern:
Per our conversation as of 12/01/09, we will no longer provide services for your business nor charge your phone statement for services. Your total satisfaction with our company and the cancellation process is of utmost importance to me. Your refund of $49.95 will appear on your phone statement within 1-2 billing cycles. If your credit does not appear within that time frame please contact us. Please call me directly if you have any questions or concerns about our services, or your cancellation.

Please retain this notice for your records.

In the event that your invoice was in process with your phone company at the time of this cancellation and you receive a statement past this date of cancellation, please contact us at (866) 606-3249 and we will issue a credit for that charge.

If you have any questions concerning our service, this letter or the actions taken on your behalf, please call me. We can be reached by phone during normal business hours Monday-Friday from 6am–8pm PST at (866) 606-3249.

So if you have gotten unauthorized charges from zipweb.com, fight  them and get a refund. This client spent a good deal of time on the phone and had to really stand her ground and insist over and over again that they had made unauthorized charges, but eventually she won. Don’t give up!

Most reputable professional newsletter/email marketing companies have strong anti-spam policies in place. If you receive an email from someone who is using a professional service, go to the company’s website and look for their privacy or spam policy. I usually look in the footer of their home page.

Read MyEmma’s Emma’s privacy and permission policy, and Constant Contact’s Anti-Spam Policy.

My Emma’s policy states:

To send an email to someone using Emma, that recipient must be:

• Someone who is a customer, member or subscriber of your business or organization,
• Someone who has specifically asked to receive your emails by opting in or signing up in some way, or
• Someone who has bought a product or service from you in the past 18 months.

Constant Contact defines spam at “Spam is unsolicited email also known as UCE (Unsolicited Commercial Email). By sending email to only to those who have requested to receive it, you are following accepted permission-based email guidelines.”

And both companies, have email addresses (abuse@myemma.com and abuse@constantcontact.com) that you can simply forward the offending spam to, and they’ll take care of it. I do this every time I receive spam from a professional newsletter or marketing company, because rather than just removing my own email address, I want the business owner to remove ALL of the other people that they are spamming as well.

The email looks like this:

Subject: Compensation Notification (Read Attachment)
From: OFFICE OF THE PRESIDENT cmofng4631@sbcglobal.net
Reply-to: compensation@diamondplcng.com
Cc: recipient list not shown

It has a .txt attachment.

Again, don’t open the attachment – just delete the email.

My client is in the dog training business. She has an extensive online training system that includes both dog training products and dog training services, like private lessons and classes. Because of her website content, she gets targeted with email scams that are a little harder to detect, because they mention her products and services.

Here’s the first example:

From: BILL CARSON <poineer.northinc@gmail.com>
Date: November 25, 2009 1:54:25 PM PST
To: mr.carson123@yahoo.com
Subject: Order request

Hello Greetings to you and the company well My name is Bill Carson and i will like to know if you do sell harness  and if you do email me with the Types  that you Have  and include their prices range On them thank you

Best regards
Bill Carson

Now, she does indeed sell harnesses, so this might be a real customer. Let’s look at the email for warning signs that it’s an attempted scam.

1. The email was sent to her BCC (blind carbon copy), see how the “To” field is to mr.carson123@yahoo.com? Big red flag.

2. Subject is very, very generic and designed to get your attention. “Order request”.

3. Poor sentence structure, capitalization in weird places.

4. She has an online store, so logically, there’s no need to send products and pricing, it’s online – that is available to any real customer who wants to get the information. You can’t view a harness on her site without viewing the price, etc.

The purpose of this kind of scam, is to get you engaged with someone in a business transaction, so that they can attempt to pull some kind of Nigerian scam on you.

This next example is a great one, you can see the beginnings of the money exchange attempt. Notice it is also sent BCC to my client, because the “To” field is geoff.collins. Also note it begins with “Greetings” – another apparent red flag:

From: Benjamin Morgan <benjaminmorgan37@yahoo.co.uk>
Date: November 25, 2009 5:19:31 AM PST
To: geoff.collins@paradise.net.nz
Subject: LESSONS/BOOKING

Greetings.
I hope this email meets you in good health and spirits.
I would be coming into the country with five puppies. As part of my Dad’s 50th birthday anniversay, I would love to have the puppies entertain the guests on that special day. Can you organize a 2 MONTH training lessons/classes for them? How many hours of lessons would the puppies need?
DATE: 25TH JANUARY 2010 TO 24TH MARCH 2010

In order to fully secure the booking with you, I would send my credit card details for a deposit. I hope you do accept credit cards via email? Do you have a POS termainal in your office? Kindly get back to me with a confirmatory email so we could proceed with the booking.

Notice how the email is trying to lure my client in with a big promise of lots of work and therefore lots of money? Notice how anxious they are to send credit card details? And they want to send them via email, which is totally unsecure? And they’re asking about a POS (point of sale) terminal? And of course, the whole idea is a bit farfetched, someone is coming from the UK with 5 puppies and he wants them trained for several months to entertain his father at his birthday party?

Let’s review how a scam like this might work. They send a stolen credit card number for a huge amount of money because continuously training 5 puppies for three months is a huge endeavor. Then, maybe they cancel it, and ask for a refund. Now, if you send them a refund before you and your credit card processing company figure out it’s stolen, you’re out of the money. Or perhaps they send the credit card, but it doesn’t work, and they they start asking you for your bank information to wire you the money….see how this works?

So be very, very wary of emails that sound like these two. Remember the warning signs: you are bcc’d on the email, it’s addressed to someone else, they ask for things related to your business – but the requests don’t make sense, the emails start off with a formal greeting, and are badly written.  It’s weird that these both came in on the same day!

Be careful out there!

Here are some of the articles that I’ve found regarding Yelp and small business owners who claim they are being told that in exchange for money, Yelp will reduce negative reviews of the business on their  website. While I haven’t had any personal experience with Yelp, I think small business owners should at least be aware of these allegations.

“Yelp and the Business of Extortion 2.0″
East Bay Express News
“Local business owners say Yelp offers to hide negative customer reviews of their businesses on its web site … for a price.”

BEWARE: Yelp.com is a fraud!
ScottWorldBlog.WordPress.com
“Ladies and gentlemen, I would like to call your attention to a very nefarious website called yelp.com, which you should avoid at all costs.”

CrossFit East Bay Rest Day 090223: Yelp Is A Scam
Cross Fit East Bay Website
“I can confirm that Yelp has been incredibly aggressive in trying to get me to advertise, and has removed six five-star reviews of CFEB after I declined to advertise.”

“Yelp ‘pay to play’ pitch makes shops scream for help”
The Register
“Over the last years, five San Francisco Bay Area businesses have told The Register that the company has offered to “push bad reviews to the bottom” of their Yelp pages if they paid to advertise on the site.”

Here’s what I look for and what I found:

1. Professional – the website was professionally designed

2. Content – the content was well written

3. Company Info – I was unable to quickly find any information that gave me details about the company. Namely I look for a phone number, a mailing address, an email based on the website domain – none of this was available.

4. Person Responsible – I was unable to find out WHO is running this company – there was no name of anyone affiliated with the company anywhere.

5. Red Flags – I found that on the company’s main contact page, they were collecting all kinds of personal information, including social security numbers and net worth details. This page was not secure, meaning that it didn’s have “https” and that this information was being sent unencrypted. It seems incredible to me that people would be asked to submit this kind of very personal information to a website that had no easy way to identify who the information was being sent to. Really scary stuff here.

Due to my workload I declined the project, and gave this same feedback to the website owner.

If you’re considering doing business with someone and the only information you have to evaluate them is their website, it’s important you review that website in detail. Look for generic sounding “About Us” pages that really give you no concrete or verifiable information about the company. Look for missing phone numbers, missing address info, missing or generic (free) email accounts. Try to find the name of a real person associated with the business. Lastly, look for any red flags that might suggest less than good intentions, like collecting very personal information (credit card info, social security info) that’s being send over unencrypted (http not https) connection. While all of these issues can certainly be present on a completely reputable and valid business website, they are also markers of a business that can easily disappear without a trace. Be careful out there!

Since my client has her domain ownership kept private by DreamHost, the email was sent to clientdomainname.com@proxy.dreamhost.com. The email was from: erica.bucker@blueridgehosting.com and the subject was “domain clientsdomainname”.

Here’s the email, with my client’s actual domain name replaced by “clientdomainname.com”:

Dear owner of clientdomain.com,

I noticeded [sic] that your domain “clientdomain.com” expires in a few weeks, which means that it is going to be publicly available soon. I’d like to buy this domain name before it expires.

I assume that you are not interested in keeping it for yourself.

I can buy this domain for $60 plus any renewal related expenses. What do you think?

Erica Buckner,
erica.buckner@blueridgehosting.com

As I mentioned, I emailed Erica and also filled out a contact form for Blue Ridge Hosting asking whether there was someone named Erica working there and why they were trying to purchase one of my client’s domain names – neither method resulted in a reply. I looked up BlueRidgeHosting.com and the whois info said it was in Mechanicsburg, Pennsylvania.

You may be asking, how did they know that the domain was going to expire soon? Domain name expiration dates are public information. This is why, if you intend to keep your domain name, you set your domain registration to “auto renew” so that no one can grab it if it happens to expire and you forget to renew it manually. My client had it set to “auto renew” but it hadn’t renewed itself yet.

I can only speculate why this person, whoever they are, is attempting to purchase one of my client’s domains for a measly $60 – we’re talking about a very well established business with a high amount of website traffic and many sales. It makes no sense, unless it’s some kind of scam, or perhaps a competitor? I have no idea, but just in case some of you out there have received the same email, I wanted to post it here, because you can’t be too careful.

And when you get strange emails regarding your website, it’s always best to ask your web designer or do some research yourself before answering. There are lots of scam artists out there trying to take advantage of small business owners who have websites.

If I hear from the person or someone else from the company, I’ll post it here to let you know the outcome.

“Computer security specialists warn that Facebook users have been hit with a series of data-stealing attacks in the past week as cyber crooks increasingly stalk social-networking websites. This attacked is called 419 Scam.”

Here’s the link: http://webcastr.com/videos/informational/facebook-cyber-crooks-target.html

Anytime someone contacts you via the internet asking for money, whether it’s via email or via a social networking site like Facebook, it’s a good idea to be skeptical and attempt to verify directly with the individual – even if the individual is someone you think you know.

The email came from a company called “Global Vibrations” in Washington DC and the return email was marcshneider@mplw.net. Like I usually do with these emails, I first looked up mplw.net and found it was all about multilingual search engines. There was a link to sitemap services, and that’s where I found, to my amazement, this graphic:

Wow, a Google Sitemap for $250. Now I realize many of you are thinking, what the heck is a sitemap and maybe this is a resonable price. Not so!

First off, Google and Yahoo and everyone else use the same XML sitemap format. You don’t  need a different one for Google and Yahoo. Secondly, it’s a little text file that simply lists the pages on your site. It’s supposed to help search engines find all the pages on your site. Now whenever I design a website, I create one, just as an insurance policy to make sure Google finds all the pages, but if Google has already found your pages, you might not need one. Click here to see if Google has indexed all of your website’s pages. Google even provides a free site map generator.

Now, if your website isn’t fully indexed and you think you need a sitemap, what’s a reasonable price? Well, for many of the websites I design that are under 30 pages, making a sitepmap takes maybe 15 minutes. Maybe a neurosurgeon can make $250 in 15 minutes, but not most web designers. Therefore, charging a flat rate of $250 for a sitemap is really, really, really overcharging folks for something they might not need and even if they do need it, it’s pretty quick to create.

This is just one example of an SEO company or individual charging for things that are pretty close to free. Here are some others:

Submission to Search Engines

I often see this offered as a service. First off, if you take the top three search engines, Google, Yahoo and MSN, you’ve got nearly 70% of the search engine market covered (see January 2009 results). What if I told you could submit your website to these three search engines for free? Seriously. Here are the links:

1. Submit your website to Google
2. Submit your website to Yahoo
3. Submit your website to MSN

Now, if the big three let you submit for free, what are chances the other little players charge you? You get the point. Please don’t pay someone to do this for you. And you only need to do this ONCE for your website. Submitting over and over will only annoy them, and we don’t want that.

Robots.txt File

This is another example if a very small file that can help your website. Again, this takes maybe 5 whole minutes to create and is typically much smaller than the sitemap file. Oh, and Google also has a tool that will help you create this little helper file too. Click here to get Google’s help to create a robots.txt file. It’s supposed to give “bots” those mysterious little programs that crawl around the web directions. Again, not super hard to make and should only take someone a few minutes.

Meta Tags

Now this item is a tricky one. It’s super easy to change a website’s meta tags. But what to change them to is the part that takes the time investment. What are meta tags? These little pieces of code, very short, that are (or should be) a part of your website code near the top of your page. Want to see what your meta tags look like? Just go to your home page, click “view source” in your browser. Look at the top for something like:

<title>Hello I am your title and should be filled with keywords</title>

That’s the “title” tag. And here’s the description tag:

<meta name=”Description” content=”Hello I am a description of this particular page” />

That’s it. See how short they are? The hard part is doing the research to figure out what to put in these two meta tags. But actually changing them is very quick. A good SEO person should involve you in this research. Changing the tags is trivial, deciding what to change them to is not. And what about the keyword meta tag? The keyword meta tag was declared dead and useless in 2002. Don’t pay someone to add or modify it.

Link Building

Be really, really careful of link building scams – they can actually do damage to your search engine rankings.  On the Global Vibrations website I saw they were offering a month of link building for over $3000. This is a huge amount of money – and you need to find out exactly what you’re getting for this. If they are just going to spam small business website owners with endless link exchange requests, it’s not worth it. Find out details, ask questions. If they can’t explain their link building practices in language that you understand, look elsewhere.

W3C Validation

While it is debatable whether having your website validate is a benefit to SEO, actually finding out IF your website code is valid is free. Click here to use the W3C Validation tool.

Image Tag Optimization

Sounds impressive huh? Well, it’s a very small task depending on the number of images you have on your website. In general, whenever you add an image, there’s a part of the image code that can contain keywords. It’s contained in the ALT attribute of the image tag. So if you sell widgets, it might look like this:

<img src=”images/widget.jpg” alt=”widget”>

It’s just a little bitty extra piece that should, as a matter of good design, be on every image.

Local Google Listing

By now you’re getting pattern, right? Google stuff is FREE. Click here to learn how to get your business listed in Google Local.

Want good FREE SEO advice? Visit Google’s Webmaster Central. Even if you’re not a web designer, it will give you a good education right from the horse’s mouth, so to speak. And if someone gives you a list of SEO services they will provide – do a little bit of research to see if any of these things are really something you can do yourself. There are lot of people out there to take advantage of this thing called SEO – a little education goes a long way.

———————————————————

More articles from others who receive spam from Global Vibrations:

http://www.billhartzer.com/pages/marc-schneider-and-global-vibration-inc-the-myth-of-multilingual-search-engine-promotions/

http://www.seonj.com/marketing/global-vibrations-inc.html

http://www.spiread.com/blog/2008/12/12/beware-of-this-search-engine-optimization-rip-off

http://dansdata.blogsome.com/2007/09/16/315/

http://r2d5.net/category/company/global-vibration-inc

And here’s the original email my client received:

Did you receive the e-mail which I sent to you recently (copied here-below)?
Please confirm since I have had problems lately with emails intercepted by spam-filters set too high.

Cordially,

Marc Shneider, Ph.D.
marcshneider@mplw.net

I am Dr. Marc Schneider and I work for Global Vibration Inc. in Washington DC ( Tel: 1 202-787-3989 ) – I would like to speak with the person in charge of your international clientele. Who is my contact? Who should I speak to??

In fact, after visiting (website URL), I have noticed that your website cannot be found on foreign search engines (I tested it on Hispanic search engines, German search engines, Asian search engines, etc.) Our company is specialized in multilingual search engine promotions in 28 languages . From the Japanese Google to the German Yahoo, from the AOL in Spanish to the MSN in Chinese, we can show you how to develop a true international online presence by promoting your website on foreign search engines.

Let us show you how to develop a presence on the multilingual web without having to translate your website: It is not necessary to translate your website in order to submit to foreign search engines, however, you need to have at least 1 page in Japanese optimized with Japanese keywords and meta tags in order to submit to Japanese search engines, at least 1 page in Spanish optimized with Spanish keywords in order to submit to Hispanic search engines and so on…

I strongly suggest that you watch our online presentation which will explains clearly how to get top rankings on foreign search engines with only 1 entry page per language (click on the following link or copy-paste it into your web browser): http://www.mplw.net/demo

From the Japanese Google to the German Yahoo, from the AOL in Spanish to the MSN in Chinese, get users to find your website when searching with YOUR KEYWORDS in their Native language.

Please call me at 1 (202)-787-3989 or email me and let’s work on giving your website the true international exposure which it deserves to have with foreign native online users!!

Regards,

Marc Shneider, Ph.D.
marcshneider@mplw.net_____________________

GLOBAL VIBRATION INC.
1250 Connecticut Ave N.W. Suite 200
Washington, DC 20036 USA
TEL: 1(202)-787-3989 – FAX: 1 (202)-318-4779
http://www.mplw.net :
Multilingual Search Engine Promotion Services since 1999.

Here’s the email my client received:

Subject: your website
From: “Jason Adams” <jason@keyphraseplacement.com>
We can put your site at the top of a search engines listings. If this is something you might be interested in, send me a reply with the web addresses you want to promote and the best way to contact you with some options.

Sincerely,

Jason Adams
Director of Marketing
Keyword Placement Inc.

But when you go to their website, you see this:

A suggestion to folks sending out spam from a website domain: It’s probably a good idea to actually have a website up and running at your domain before you send out your spam. Having an error message like this doesn’t look good.

It’s also important to note that the client who received this email is already at the very top of the search engines for her targeted keywords – which is probably how the spammer got her email address in the first place. Ironic, isn’t it?  The penalty for being ranked well is getting spam asking you to hire people who can help you rank well. 

And here’s a nice bit of information: This email has been sent out with many different names, as you can see form this link  to the Cedar Hill Community Blog, which has apparently been collecting spam. It’s been sent out from “Chris Thomas PowerPoint SEO” and “Mike Taylor Placement Technologies“. This link to the J-Town Traffic Watch has these names and “Linda Mancini“.

UPDATE: Wow, they’re busy sending out spam today. Two more have arrived to my clients:

From: “Mike Lewis” <mike@keyplacementseo.com>

We can put your site at the top of a search engines listings. If this is something you might be interested in, send me a reply with the web addresses you want to promote and the best way to contact you with some options.

Sincerely,

Mike Lewis
Director of Marketing
Keyword Placement Inc.

———————————–

(Note from Jill, keyplacementseo.com actually has a working website, perhaps this is the actual company that’s sending out all the spam today)

———————-

Subject: your website
From: “Paula Reynolds” <paula@clearpathtraffic.com>

We can put your site at the top of a search engines listings. If this is something you might be interested in, send me a reply with the web addresses you want to promote and the best way to contact you with some options.

Sincerely,

Paula Reynolds

—————

(Note from Jill, clearpathtraffic.com  redirects to http://bbs.100te.cn/newstyle/zantingtz/1.htm and that appears to be in Chinese? And how come Mike and Jason get to be “Director of Marketing” while poor Paula Reynolds has no title. How unfair!)

Update: 4/20/09 from one of my clients, another clearpathtraffic spam:

Subject: your website

If you’re interested in showing up as a first page result for more search
terms on google and yahoo, reply back with all addresses you’re looking to
promote and the best number to contact you with details.

Sincerely,

Linda Harrington

Note, the return email is to Linda@ClearPathTraffic.com, but no other company name or contact info is mentioned. ClearPathTraffic.com is still showing a bunch of  Chinese characters on it. And looking at the Whois for ClearPathTraffic.com, I find this additional evidence they are in China:

Domain Name      : clearpathtraffic.com
PunnyCode        : clearpathtraffic.com
Registrant:
Organization   : LiFeng
Name           : LiFeng
Address        : ChengDuDaShiJie246Hao
City           : ChengDu
Province/State : SiChuan
Country        : CN
Postal Code    : 610041

Here’s the spam from “Victoria Ulter”

Hello this is Victoria Ulter touching base with you about our V/MC Processing Suite of Services. We were trying to reach you for quite some time and I wanted to see if we could just send you some information in the mail so you could determine if our services were of need at the moment?

The mailing address we have on file is 6556 Mother Lode Dr in Placerville, CA. If this is still correct please let me know and we’ll send you a brochure.

#1.) New – Corporate Group Discount Program

You can join at no cost for our Corporate Group Discount Program which will give you 90% Off an entire host of services from:

>> >> Office Supplies
>> >> Shipping Services
>> >> Printing Services
>> >> And More

#2.) Our Main Area- Credit Card Processing Programs

> > Best Rates and Fees: Please Note We Do Not Charge PCI Compliance Fees

Discount Rate: 1.39% swiped and 1.79% keyed
Mid-Qualified and Non-Qualified: 2.25%-3.25%
10 cents for Each Transaction
$5 Monthly Statement Fee
No Contracts
24 Hour Funding/Free Online Reporting

> Free Terminals including New Nurit 8400 Landline, New Nurit 8000 Wireless,  Virtual Terminal System, OTI Contactless

#3.) 18% Premium Cashflow Loans and/or Cash Advances, Receive Funding In 48 Hours

#4.) Free New Point-Of-Sale System, A $1,000 Value At No Cost

#5.) Check Processing Service For Only $1.00 A Transaction, No Discount Rates For Checks

#6.) 100 Free Custom-Designed Gift and Loyalty Cards

#7.) Free ATM Machine Program, You Receive $1.00 Of Each Surcharge Just For Having Our ATM At Your Location

#8.) Fuel and Fleet Programs Including Voyager and Wright Express

#9.) Private Label Credit Cards So You Can Issue Your Own Credit Lines To Customers

#10.) Partnership Opportunities For Banks

Please let me know if your mailing address is still the same to send the brochure and also if this is the correct email address to forward the Link to our Purchasing Site for the Corporate Group Discount Program.

Thanks,

Vickie Ulter
Business Development/Marketing Assistant

See the end of the email? Notice the complete absence of a company name, a company address, a company email or phone number or website? This is how you can figure out if an email is really a legitimate business. Look at the return email address. In this example, it was vulter@autoemailsystem48.com – again, if someone is a legitimate company sending email, their email address should come from that company. Look for these clues before answering any unsoliticted email you may receive!

Subject: Live IP Verification
From: PayPal (return address is check@mail.com)
Reply-To: noreply@mail.com
To: undisclosed-recipients

We noticed one or more login attempts from a foreign IP address.

Log In now to resolve the problem.

The link goes to: http://windowmevision.co.za/live/read.php which of course isn’t PayPal, in fact, it’s a website that is redirected to: http://sa-in.com/catalog/images/.live/id.htm and this website has duplicated PayPal’s logon screen.

Again, this is NOT a PayPal website, it’s a phishing scam.

You can report fake PayPal emails here: https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/securitycenter/antiphishing/PPPhishingReport-outside

And fake PayPal websites here: https://www.paypal.com/cgi-bin/webscr?cmd=_external-webform&f=pps_spf

This website is still live, so the more folks that report it, the better.

This week I was reminded of the price that I sometimes pay for trying to keep other web developers and web marketing folks honest. I often write blog articles because I receive emails that I suspect are spam or scams, or because in the course of doing work for a client, come across some unethical practice I want to warn other developers and clients about.

The majority of the time, it works out fine. Folks who read my blog leave me really nice comments thanking me for my efforts. But everyone once in a while, the person or company that I might be warning others about decides to take action against me.

This week I received several emails from a web developer who was very angry that I submitted an inquiry about his company’s multiple listings on Google Maps. Google is the ultimate judge. And Google provides different ways for people to report websites who might be in violation of their policies. But it makes people angry when you report them, which is understandable. It’s much easier to get angry at me, the whistleblower, than at Google, who makes up their own rules and enforces them.

Another side effect of writing these kinds of posts, is that sometimes the angry people will write fake bad reviews about my company and post them online. While some of these reviews were just outrageous and obviously written by a nut, it’s still not fun getting them.

I guess when the bad reviews and angry emails out number the thank-you’s I get from readers, I might reconsider my practice. But for the moment, the praise is greater than the punishment. I think that since there is no standard of web design ethics (like there is for psychologists), using Google’s webmaster quality guidelines is the next best thing. I do my best to help keep small business owners out of trouble and free from scams, and also keep the internet itself free from spam by using Google’s reporting tools. Wish me luck.

(Before you read it, remember what we’ve talked about before to help you identify scam/spam emails: The email comes from a domain that is NOT the domain of the alleged company. Emails that come from free domains (in this case arcor.de or yahoo or gmail or hotmail) should always be suspect.)

Here’s the email:

Subject: Lucrative Business Forums
From: Shadelove@arcor.de

FROM: Mr. Patrick K. W Chan
(Executive Director & Chief financial Officer)
Hang Seng Bank Limited
83 Des Voeux Road, Central
Hong Kong SAR.

It is understandable that you might be a little bit apprehensive because you do not know me but I have a lucrative business proposal of mutual interest to share with you. I got your reference in my search for someone who suits my proposed business relationship.

I am Mr. Patrick K. W Chan Executive Director & Chief financial Officer of Hang Seng Bank Ltd. I have an obscured business suggestion for you. I will need you to assist me in executing a business project from Hong Kong to your country. It involves the transfer of a large sum of money. Everything concerning this transaction shall be legally done without hitch. Please endeavor to observe utmost discretion in all matters concerning this issue.

Once the funds have been successfully transferred into your account, we shall share in the ratio to be agreed by both of us

I will prefer you reach me on my private email address below (pkchan_2001@yahoo.com.hk) and finally after that I shall furnish you with more information’s about this operation.

Please if you are not interested delete this email and do not hunt me because I am putting my career and the life of my family at stake with this venture. Although nothing ventured is nothing gained.Do send me the following details when responding back to me.

Your Full Names:
Phone and Fax:
Country.

Your earliest response to this letter will be appreciated.

Kind Regards,

Mr.Patrick K. W Chan

Erwischt! Bei Arcor sehen Sie die besten Promi-Bilder riesengroß und in Top-Qualität. Hier finden Sie die schönsten Schnappschüsse auf dem roten Teppich, lernen die Frauen des Womanizers Boris Becker kennen und schauen den Royals ins Wohnzimmer. Viel Spaß auf Ihrer virtuellen Reise durch die Welt der Stars und Sternchen: http://vip.arcor.de.

Now, I’m sure all of you know this is a scam, but just in case someone out there, in the middle of the country (not that there’s anything wrong with that) , with dial-up (not that there’s anything wrong with that) has put this person’s name in Google search, I’m hoping this blog article comes up to warn them – this is a scam, do not reply to the email!

I haven’t written a blog article about phishing yet, but last  night I received an email that was classically trying to trick people into revealing their PayPal login information. The funniest thing about this particlar phishing attempt, was that they actually mispelled PayPal in the “from” field, spelling it “PayPla”.

First, a vocabulary lesson: Phishing.

Wikipedia defines it as:

phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Here’s a look at what the email looked like:

Now, if you hover your mouse over the “click here” link, you note that they are attempting to get you to log into http://mail.reboil.com/remote/images/welcome.htm – this is NOT PayPal.

You should never, never login to a website via clicking on a link in an email. It’s much better to type in PayPal.com yourself in your browser so you know you’re headed to PayPal.

If you receive a phishing email like this, you should report it to the actual real company. Here is where to report fake PayPal emails to PayPal.

In fact, PayPal has a whole area on it’s website dedicated to Theff and Fraud Protection.

On it, is a neat “Can You Spot Phishing?” – take the test! You’ll be glad you did.

Now, I went ahead and clicked on the link listed in the email, to see what the website looked like, and was very happy to see this message from my browser (Firefox):

Just for grins, I tried looking at the site in Safari and Internet Explorer, and didn’t see this nifty message – but rather a warning about the security certificate being wrong. I’m impressed with Firefox security!

So be very, very wary about getting emails from companies that have some kind of “hey you better log in to your account right now using this weird link” – if you’re at all suspicous, go directly to the company website and login that way. Many companies, like PayPal, have entire sections of their website dedicated to security and fraud prevention – so you can always ask them what’s up. Better safe than sorry!

Here’s the spam:

Hello this is Valerie Zalburn contacting you again about our Suite of Services. As a reminder, our Merchant V/MC Processing Organization had your contact information on file as we work with a number of companies around the Pet Supplies & Foods-Retail area and I wanted to see if we could send you some information in the mail and follow up with a telephone call.

Now if for some reason I’ve reached the wrong company, please still take a look at our programs and inform me if we could send more information.

We have your mailing address on file at: 6556 Mother Lode Dr in Placerville, CA and your telephone number at 5302951236 is this information still correct?

The funniest part, is the part where they say “Now if for some reason I’ve reached the wrong company…”, because it’s spam, of course they’ve reached the wrong company!  If you put in a fake address like 6556 Mother Lode Drive, and a fake phone number – what are the chances that the company you are spamming actually has that email and address?

Pretty close to zero I’d imagine. So if you were the lucky receipient of an email from Valerie Zalburn, with a fancy title like Office and Marketing Director from a unknown company, wait, unknown company? Seriously, here’s the signature:

We look forward to speaking with you soon.

Regards,

Valerie Zalburn
Office and Marketing Director
Ohio Regional Office : 434 W. Corporate Drive
Cleveland, Ohio 44114

As I’ve mentioned before, the quickest way to spot fraudulent spam, is to see if you can find a real company, with a real address and real phone number.

I got spam from 212.95.54.38   and it looked a lot like the other spam. It had a fake looking author, a fake looking email, and a very short comment that said:

Hello. It is test.

So I looked up the Whois provided by WordPress:

http://ws.arin.net/cgi-bin/whois.pl?queryinput=212.95.54.38

Take a look by clicking on the link.

Now look at this one from the other spam:

http://ws.arin.net/whois/?queryinput=94.102.60.152

OrgName:    RIPE Network Coordination Centre
OrgID:      RIPE
Address:    P.O. Box 10096
City:       Amsterdam
StateProv:
PostalCode: 1001EB
Country:    NL

So what is this, an Amsterdam based spam organization? Anyone have any clue?  I’m totally confused.

UPDATE:

The IP address is from Germany. But when I get an email from WordPress, it has this Whois info, and typically I click on it and it shows me the IP organization name – usually it matches the nameserver. It’s a bit confusing.

UPDATE:

So upon further investigation, I suppose clicking on the “Whois” link in the email that WordPress generates will lead you down the wrong path. I should have used what I always use to check Whois is: http://whois.domaintools.com/, but I usually use that to check domain names, not IP addresses. So it’s  not from Amsterdam, but from Germany. This tool is better for looking up IP addresses: http://whatismyipaddress.com. Sorry Amsterdam, my apologies