{"id":175,"date":"2011-12-04T16:37:03","date_gmt":"2011-12-04T05:37:03","guid":{"rendered":"http:\/\/sijnstra.name\/blog\/?p=175"},"modified":"2011-12-04T16:37:03","modified_gmt":"2011-12-04T05:37:03","slug":"same-ol-spam-but-different","status":"publish","type":"post","link":"http:\/\/sijnstra.name\/blog\/2011\/12\/04\/same-ol-spam-but-different\/","title":{"rendered":"Same ol' spam, but different"},"content":{"rendered":"

So the same scam has been sent to me again (well, the Adobe version this time, not the Skype one). This scam has been around often and long enough (already back in 2010!, prior to them stealing my identity for one of the scam runs) that it has a Snopes page<\/a>.<\/p>\n

The updated spam, which I received a couple of days ago, again invents new versions of the adobe products that don’t exist. This time it’s Adobe 2012, and they are “charging” (i.e. stealing your details) for Adobe reader – which is always free.<\/p>\n

This is what the scam looks like (and please don’t go to the links in the scam unless you know what you are doing) – although the mailout redirect goes through a third party, so the links have a landing page which collects usage information before sending you to the scam landing page. The scam landing page then takes you to the scam page proper that takes your money.<\/p>\n

[sourcecode language=”html”]
\nINTRODUCING UPGRADED ADOBE ACROBAT READER 2012<\/p>\n

Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader<\/p>\n

http:\/\/www.adobe-upgrade-2012.com<\/p>\n

Advanced features include:<\/p>\n

– Collaborate across borders
\n– Create rich, polished PDF files from any application that prints
\n– Ensure visual fidelity
\n– Encrypt and share PDF files more securely
\n– Use the standard for document archival and exchange<\/p>\n

To upgrade and enhance your work productivity today, go to:<\/p>\n

http:\/\/www.adobe-upgrade-2012.com<\/p>\n

Start downloading the update right now and let us know what you think about it.<\/p>\n

We’re working on making Adobe Acrobat Reader better all the time !<\/p>\n

Copyright 2011 Adobe Systems Incorporated. All rights reserved.<\/p>\n

Adobe Systems Incorporated
\n343 Preston Street
\nOttawa, ON K1S 1N4
\nCanada
\n[\/sourcecode]<\/p>\n

So the main difference that I’ve noticed with the scam is that this time they’ve used some extra money (also presumably stolen) to pay for the site whois to not be shown:<\/p>\n

\nDomain Name:adobe-upgrade-2012.com\nRecord created:11\/29\/2011\nRecord expired:11\/29\/2012\n\n\nDomain servers in listed order:\n\t ns1.dns-diy.net \t ns2.dns-diy.net\n\nAdministrat:\n   name-- Domain ID Shield Service\n   org-- Domain ID Shield Service CO., Limited\n   country-- CN\n   province-- Hong Kong\n   city-- Hong Kong\n   address-- 1102-1103,11\/F,Kowloon Bldg.,555 Nathan Rd.,Mongkok,Kowloon\n   postalcode-- 999077\n   telephone-- +852.22060092\n   fax-- +852.30030133\n   E-mail-- ad4561094151701@domainidshield.com\nTechnical Contact:\n   name-- Domain ID Shield Service\n   org-- Domain ID Shield Service CO., Limited\n   country-- CN\n   province-- Hong Kong\n   city-- Hong Kong\n   address-- 1102-1103,11\/F,Kowloon Bldg.,555 Nathan Rd.,Mongkok,Kowloon\n   postalcode-- 999077\n   telephone-- +852.22060092\n   fax-- +852.30030133\n   E-mail-- ad4561094473302@domainidshield.com\nBilling Contact:\n   name-- Domain ID Shield Service\n   org-- Domain ID Shield Service CO., Limited\n   country-- CN\n   province-- Hong Kong\n   city-- Hong Kong\n   address-- 1102-1103,11\/F,Kowloon Bldg.,555 Nathan Rd.,Mongkok,Kowloon\n   postalcode-- 999077\n   telephone-- +852.22060092\n   fax-- +852.30030133\n   E-mail-- ad4561094473303@domainidshield.com\nRegistrant Contact:\n   name-- Domain ID Shield Service\n   org-- Domain ID Shield Service CO., Limited\n   country-- CN\n   province-- Hong Kong\n   city-- Hong Kong\n   address-- 1102-1103,11\/F,Kowloon Bldg.,555 Nathan Rd.,Mongkok,Kowloon\n   postalcode-- 999077\n   telephone-- +852.22060092\n   fax-- +852.30030133\n   E-mail-- ad4561094539504@domainidshield.com\n<\/pre>\n
Despite this, it all does look very very similar and the one thing that cannot be hidden is the creation date of the URL. It is always a giveaway that if a website is contacting you unsolicited, and asks for your money from a web domain that has been put together in the last few days, they are up to no good.<\/p>\n","protected":false},"excerpt":{"rendered":"
So the same scam has been sent to me again (well, the Adobe version this time, not the Skype one). This scam has been around often and long enough (already back in 2010!, prior to them stealing my identity for one of the scam runs) that it has a Snopes page. The updated spam, which … <\/p>\n
Continue reading “Same ol' spam, but different”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[31,33],"_links":{"self":[{"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/posts\/175"}],"collection":[{"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/comments?post=175"}],"version-history":[{"count":0,"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/posts\/175\/revisions"}],"wp:attachment":[{"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/media?parent=175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/categories?post=175"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/sijnstra.name\/blog\/wp-json\/wp\/v2\/tags?post=175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}