… or to be more precise, emails sent at 0519 on a Sunday morning that are offering blog owners the prospect of some easy money. Like this one for example:
I work for a UK based digital marketing consultancy.
We represent clients interested in social media marketing on smaller sites with little or no existing advertising and we’re currently looking for advertising partners.
We will pay a fixed upfront fee which we will agree on with you. Once the ad/link is in place, payment will be made within approximately 48 hours.
Would you be interested in placing a plain text-based link that highly relevant/related to your tenpencepiece.net site? I am looking forward for your reply.
<gmail email address>
Having initally been almost taken in and very nearly contacting them (I’m never properly awake first thing on a Sunday monring), it quickly struck me that it had to be some kind of scam, but I wasn’t quite sure how the scam was meant to work. After all, no-one with a serious offer of money arrives on your website, looks at nothing but the homepage, gives a generic gmail address, uses the following (very odd) google search parameters to find you …
site:.net intitle:a|the|this|our|mine|now|today|yesteday|tomorrow|later|again| never|how|why|what|when|moment|that|more|than intext:”1..1000 comments” “powered by wordpress” -wordpress.com
… and then offers you money less than two minutes later!
A quick check through my server logs against the whois database revealed that the IP address of the visitor belonged to a Malaysian telephone company – so definitely not someone from a “UK based digital marketing agency”. I was concerned – I’d very nearly contacted them as I hadn’t been fully awake!
A quick dig around on the internet suggests the way that the scam operates is as follows:
If you fall for the bait and sell something for $2000, you’ll receive a check for $3000. The perpetrator of the scam will then claim that a mistake was made and ask that you refund $1000 via money transfer.
So you send $1000 via money transfer, which cannot be stopped… and in the end when it finally clears, the $3000 check ends up being a fake.
It’s an old fraud that uses technology for a clever new bit of social engineering.
These messages are being sent to website contact addresses and are including the site name in the body of the message. This results in a message that feels almost personalized and might potentially lower the guard of the recipient.
The information above is reproduced from the F-Secure website. The full version of their advice is here.
So to any other bloggers who receive something similar – beware! I like to think of myself as being reasonably alert to these kinds of scams, but early on a Sunday morning these fraudsters almost caught me out.