I got 8 of these at 2 different email addresses, always a sign of spam.  The pitch is similar to the American Airlines ticket scam but not as well done.  The U.S. Air logo looks terrible, the formatting is sloppy, all the departure cities and times are the same -- only the flight number and confirmation code (and hyperlink destination) vary, and there's no arrival city (which is perfect if you think about it).  This site says the links lead to malware.  Here's what they look like:

Version 1:
Sender: US Airways - Reservations (reservations@myusairways.com)
Subject: Please confirm your US Airways online registration.
Text:
You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). Then, all you have to do is print your boarding pass and proceed to the gate.
Confirmation code: 768404

Check-in online: Online reservation details
(Check-in link leads to http://christopher-garrison.com/40MVPL5A/index.html)

Flight 5232
Departure city and time
Washington, DC (DCA) 10:00PM
Depart date: 4/5/2012

Version 2:
Same sender
Subject: US Airways online check-in.
Same text, but flight 3164 (leaving at the same time, and from the same place, as flight 5232) and confirmation number 906794
Check-in link leads to http://humanitariantreks.com/Pwam2FNa/index.html

Version 3:
Same sender and subject as #1. Confirmation code 634101, flight 2707 (again, 10 pm from DC)
Check-in link leads to http://galleryshoponline.co.za/sjFbaiZp/index.html

Version 4:
More of the same. Confirmation code 249073, flight 2702 (again, 10 pm from DC)
Check-in link leads to http://e-lingerie.co.za/Afk3VXew/index.html

Version 5:
Flight 1334, confirmation 208947
Check-in link leads to http://orjinalwonderlift.com/2HGyrfcS/index.html

Version 6:
Flight 0605, confirmation 737322
Check-in link leads to http://dreammgmt.com/s3JgEpEu/index.html

Version 7:
Flight 4369, confirmation 124433
Check-in link leads to http://209.227.241.177/Afk3VXew/index.html

Version 8:
Flight 1299, confirmation 436767
Check-in link leads to http://liprandibienesraices.com/sjFbaiZp/index.html
 

Tags: Malware, Scam, Spam

This one is just weird.  Yes, the subject line was "hiccough".  No graphics, no attempt to make the sender's name match the signature line, no company name, and not (obviously) selling anything.  I hope no one would click on something like this.

Sender: vered.ed@zim.co.il
Subject: Hiccough
Text:
Good Evening, robert@rlweiner.com

For three minutes all had been ready, but they still delayed and all were silent.

Offer area: Enter area
("Enter Area" is a hyperlink leading to http://brasmeck.com.br/iso/temp/)

Sincerely Your, Gerace Tenkoorlog.

--ba65d237666fd13b3ffaffb37ce5538c4--
 

Tags: Spam

I got two spams this week claiming to come from the IRS.  They look like different schemes -- one is trying to get me to call a 900 number at $4.79/minute, the other includes a link.  But they look similar so I'm posting them together. 

Message 1:
Sender: Tiera Tanner (AditaOki@megpgh.com)
Subject: Rejection of your tax appeal.
Text:
Dear Business taxpayer,
Hereby you are notified that your Income Tax Refund Appeal id#7138565 has been DECLINED. If you believe the IRS did not properly estimate your case due to a misunderstanding of the facts, be prepared to provide additional information. You can obtain the rejection details and re-submit your appeal by using the instructions in the attachment.

Internal Revenue Service

Telephone Assistance for Businesses:
1-900-511-4750 $4.79/min
Hours of Operation: thursday sunday, 10:15 p.m. 8:45 p.m. your local time (Alaska & Hawaii follow Pacific Time)

Attachment: IRS_JP23823966.htm

Here's what the message looked like:

Message 2:
Sender: Internal Revenue Service (noreply@irs.gov)
Subject: Internal Revenue Service Tax Refund ($312.50)
Text:
Dear Taxpayer,

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $312.50. Please submit the tax refund request and allow 2-3 working days for processing.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline. To access the form for your tax refund, please
Click here : http://www.irs.gov/tx/rfnds/redunds.html

(link leads to http://suministrosyserviciosquimicos.com/administrator/templates/USTaxRefundation/www.irs.com/)

Note: For security reasons, we will record your ip-address, the date and time. Deliberate wrong inputs are criminally pursued and indicated.

Thank You
Internal Revenue Services (IRS)

Here's what it looked like:
 

Tags: Scam, Spam

Google: It's great that they keep innovating, and of course not every idea will work out.  But Google's record of killing off products makes me nervous about my reliance on them.  Here are some defunct products I remember (and here are some I never tried. Even more. Still more.):

• Desktop Google search (still working if you can find a copy, thank heaven, but no longer supported)
• Google Buzz
• Google Wave
  
• Pages and files in Google Groups
• And my favorite defunct Google product: Google boxer shorts. Apparently they were printed with, “I’m feeling lucky”.

Tags: Software

OK, this one's novel.  It claims to be a notification from a red-light camera.  Even though I've never been in (or heard of) this city, it's tempting to make sure I'm not the victim of a bureaucratic mistake.  But I was able to resist because of the lameness of the message.  The From address doesn't even try to look real, the message was written poorly, and there are no graphics, contact info, or links to a web site. I do like the use of "automatical" -- that should be a real word.  "Yours or no" is good, as well.  I found reports of other traffic ticket scams with malware attachments, but none that matched the characteristics of this one.

Sender: Brendan Braun (FaithFigueiras@qualitytrading.com)
Subject: Traffic ticket N88790
Attachment: TRAFFIC_TICKET_N88790.htm
Text:
This notification is from the Horseshoe Bend department, your car has been pictured while crossing on the red light. We're testing the automatical identification system and the system of issuing fines, so please have a look at the picture in attachment and confirm whether this car is yours or no.

Tags: Scam, Spam

Since this scam is on the rebound I'm republishing the following:

A friend forwarded the following description of a scam aimed at a well-known college.  Fortunately, they didn't fall for it. 

I would like to make everyone aware of a recent situation here that is most likely a scam to launder stolen credit card funds, appearing as a gift.

• A $9,000 gift is received and approved from an unknown entity (in this case a “Cassandra Harvey”), with Smyrna, GA address, Yahoo email and legitimate phone number.
• The next day, we receive an email from the donor with the following info: the $9,000 gift amount was a mistake, it should have been $900. The gift was made in memory of the donor’s late mother (never named) who had a wonderful experience at our college. Further, the original credit card from which the gift was made has been closed due to recent suspect activity and could we refund the $8,100 balance back to another credit card.

Comments

• We were able to refund the money back to the original credit card and immediately notified the credit card company and local police. Upon notifying the “donor” that we can only refund the money back to the original card, she replies that the original account is closed and that we need to use the other card.
• The scammer had done enough research to use specific references to our college to make it appear genuine, although there was considerable broken English in the emails.
• With the flurry of gift activity by our gift processing staff and within the context of providing good customer service to our donors, it could have been easy to overlook normal business rules and refund the balance to that other credit card
• Most likely the originating credit card is stolen, and by having us charge it and then remit most of the funds to another card, we would be “laundering” the funds for the scammer

As if we didn’t have enough to do right now!

Tags: Advancement Services, Fraud, Scam

I hope no one is stoopid or careless enough to fall for something this lame.  Here's the totality of the message.  No graphics, no name, nothin.

Sender: Customer Informer (chdkz@dnco.com)
Subject: It's important!
Text:
Your personal link:
http://vykrd.pillscloud.ru
 

Tags: Spam

This spam is similar to the American Airlines Ticket Order message, but much lamer.  It's addressed to "Dear User", doesn't bother to include a human sender name, doesn't mention an airline or destination, and the link clearly goes somewhere fishy.  In fact, it doesn't even say the charge is for an airline ticket -- maybe I'm taking a cruise.  I don't see any info about the payload and don't intend to find out.

Sender: Ticket Service USA (orders@ticketservice.com)
Subject: Order Confirmation
Text:
Dear User,

Thank you for ordering tickets through our electronic system,
The amount of $749.32 USD was deducted from your credit card '.

Details of your order -

http://www.kominictvicech.cz/xmlrpc/cache/LmsOrder.zip
(a second version linked to http://kominictvicech.cz/xmlrpc/cache/OrderInfo21849.zip)

More information you can find the order entered in your bank account.

Thank you.

Yours sincerely,
Ticket Service USA

Tags: Scam, Spam

Here's another set of spams claiming to come from Inuit.  An earlier batch asked me to provide my tax information.  This batch confirms my non-existent purchases with links to download my order, reorder checks, and submit feedback.  It looks official, with an Intuit logo and nice formatting.  I got 6 variants today, with subject lines:
Your Intuit.com invoice.
Your intuit.com order confirmation.
Your intuit.com order status.
Your intuit.com order.
Your Intuit.com software order.
Your Quickbooks software order.

The senders were:
risk_manager@bbb.org
manager@bbb.org
risk@bbb.org
service@bbb.org

The links in the messages lead to:
http://blossomia.com/intu.html http://blog.fisherfreelance.net/osCommerce/catalog/intu.html
http://shootbackchl.com/personalsecuritystore/intu.html
http://berritxarrak.net/denda/catalog/intu.html
http://extremegadgets.ncdesign.nl/intu.html
http://kerat-in.com/catalog/images/intu.html
http://komputery.weranet.pl/intu.html
http://sumero2.sicakcikolata.com/intu.html
http://new.oldsoccer.it/intu.html
http://beauty-finder.eu/images/intu.html

The text varied slightly but was along the lines of this one:
Dear Customer:

Thank you for purchasing your software Intuit Market. We are processing and will let you know when your order is shipped to you. If you ordered multiple items, we may process them in more than one delivery (at no extra cost to you) to provide faster processing time.

Tags: Scam, Spam

This one's lame, but probably easy for a busy person at a large company to fall for.  I do like the "put on something normal" line.

Sender: HullJAIME@aol.com
Subject: DONT FORGET!
Text:
The meeting with new clients is due today in 17:27. Be in time and put on something normal! Here is the map for you to follow:

map.jpg 226kb (map link leads to http://www.network4b.com/wp-content/uploads/verification.htm?P30QSQ=7YBT1JTD1OLQSCV8&JW023D=O56QQIDYSSX54UE0&)

MD5 check sum: 80729410729eb72b72b729e941ce9e9e
 

Tags: Scam, Spam