Thanks for all the phishing in 2013


I am thankful that I’m incapable
Of doing any good on my own
I’m so thankful that I’m incapable
Of doing any good on my own
From Thankful by Caedmon’s Call

In 2009, the first year of this blog, in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 419 style phishing messages. Since then it’s become an annual event. So without further ado, here is a sampling of my favorites from 2013. The things I’m thankful for.

I’m thankful for old business associates from past, failed scams who saved my cut for me, despite the fact that I have no recollection of those events.

From: Barrister Benson <>
Sent: Wednesday, November 27, 2013 10:52 AM
To: Recipients

How are you with your family? I hope fine. I’ m happy to inform you about my success in getting those funds from BOA (Bank of Africa) transferred under the cooperation of a new partner from Venezuela, Presently i’m in Venezuela for investment project, meanwhile I didn’t forget your past efforts to assist me in transferring those funds despite that it failed us some how. Now contact my secretary in Benin Republic West Africa through his e -mail id ( ) ask him to send you the A.T.M  VISA CARD worths sum of ($850,000.00 US Dollars) which I kept for your compensation for all the past efforts and attempts to assist me in this transaction. so feel free and get in touch with my secretary Mr.Mike Horton  he will send the A.T.M to you.
Barrister Benson

I’m thankful for people who die with enormous amounts of money floating around in dormant accounts with no heirs.

From: Creg Badmus <>
Sent: Friday, August 2, 2013 1:39 PM
Subject: Hello Dear.

Private Banking Division
HSBC Banking Corporation.

Greetings with due respect ,

Before I introduce myself, I wish to inform that   this letter is no hoax so I urge you treat with respect and endeavour to observe utmost discretion in all matters concerning it.My name is Mr.Creg Badmus ,accountant with Private Banking Division of (World’s Local Bank) HSBC in this regional branch . I  have secured and protected transaction record of $9.8 Million US dollar discovered floating in a dormant account,without documented evidence of next of kin.The HSBC will release and transfer to account you will provide within seven working days under active partnership with my insider role.

This  is possible only if you trust and  willingly capable to work in confidence .More details shall be given to you as soon as you indicate committed interest with full data. This Proposal however is not mandatory nor in any manner compel you against your wish,I suggest you call on my private phone number but if you  feel uncomfortable ,please ignore.I need your strong assurance that you will never let me down,I guarantee that this will be executed under legitimate arrangement that will protect you from any breach of the law.

Yours Sincerely,
Mr Creg Badmus.
+60 1126394325.

I’m thankful for opportunities to take part in war profiteering for fun and profit.

Sent: Monday, September 2, 2013 7:23 PM
Subject: Look Good Here

Do you wish to become rich due to armed conflicts? It`s right time to do it. Just as the first bombs descend to Syria,
petrol prices will move up just as MONARCHY RESOURCES INC. (M O_N K) stock price! Go make $$$ on September, 3rd,
get M O_N K shares!!!

I’m thankful for the opportunity to literally remake myself into someone new.

From: Travelling Documents <>
Sent: Tuesday, March 5, 2013 2:21 PM
Subject: Passports, Driver’s Licenses, ID Cards, SSN Cards, Birth Certificates

Selling Passports, Driver’s Licenses, ID Cards and Birth Certificates
Erasing Criminal Records (Finger print and Eyes Scan)
Get your self a new identity with the highest security and discretion.
Highest Quality, Extrem Security and International Delivering
If you are interested contact us to

Best Regards
Travelling Documents

What a fortuitous combination of offers! First my old buddy Barrister Benson was kind enough to save my $850,000.00 US Dollars cut from BOA (Bank of Africa) by way of Venezuela deal that went south. Then an accountant in a branch office of Private Banking Division of (World’s Local Bank) HSBC who, no doubt got my name from Barrister Benson who was feeling bad about that BOA deal wants to cut me in on $9.8 Million US dollar – which he guarantees will be executed under legitimate arrangement that will protect me from any breach of the law although the “Hello Dear” subject is a little creepy (Creg, dude, I don’t swing that way). And then the semi-anonymous offer to invest in MONARCHY RESOURCES INC. (M O_N K) for a bit of petrol war profiteering and finally the good folks at Travelling Documents provide me a way to dash away with all that loot. Hey – they must be legit with that address, right? I mean, what could possibly go wrong?

I’m thankful for companies who alert me to arrest records, financial aid notifications and credit score updates

From: |Attention| <>
Sent: Monday, June 24, 2013 2:28 PM
Subject: Arrest-Records for [your email here] {Mon, 24 Jun 2013 15:28:10 -0500}

Arrest- Records for [your email here] {Mon, 24 Jun 2013 15:28:10  -0500}

Click-to – View

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

From: 2nd-Attempt <>
Sent: Monday, June 24, 2013 2:17 PM
Subject: Financial-Aid Notification for [your email here] [Mon, 24 Jun 2013 15:17:26 -0500]

Financial – Aid Notification for [your email here] [Mon, 24 Jun 2013 15:17:26  0500]

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

From: [Second-Request] <>
Sent: Monday, June 24, 2013 2:23 PM
Subject: Score-Updates for [your email here] [Exp/TransU/Eqfx] Mon, 24 Jun 2013 15:22:47 -0500

Score- Update for [your email here] [Exp/TransU/Eqfx] Mon, 24 Jun 2013 15:22:47 -0500

View Your Documentation

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

How about that? A one-stop phishing shop for all your fake alert needs! But wait – it gets even better:

I’m thankful for (the same) company who sends me gift cards from Wal-Mart and Wendy’s.

From: WAL-40993-01 <>
Sent: Monday, June 24, 2013 1:42 PM
Subject: Someone just sent you a Wal-Mart Card [1000USD]

Someone just sent you a Wal – Mart Card [1000USD]

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

From: WEND-773662801-1
Sent: Monday, June 24, 2013 2:19 PM
Subject: Your $50 Wendy’s Card [Mon, 24 Jun 2013 15:18:51 -0500]

Your $50 Wendy’s Card [Mon, 24 Jun 2013 15:18:51 – 0500]

pls- end- mssgs
1741 W Corona Ave
Phoenix, AZ 85041

How sweet is that? The same Phoenix, Arizona USA address for all those different companies and email addresses! In case you were wondering, the alert links all go to and the gift card links all go to Maybe it’s outsourced phishing.

I’m thankful for politicians who request permission to keep me personally informed – even though I’m way outside their district.

From: Congresswoman Cheri Bustos
Sent: Thursday, November 14, 2013 2:14 PM
Subject: Requests Your Permission

Congresswoman Cheri Bustos would like to email you periodically regarding legislative issues in
Congress that are vital to you, your family, and the 17th District of Illinois.

Receiving this information by email is a fast and efficient way to learn more during these
significant times and will provide you with timely information and important news.

Email is part of an ongoing effort to keep constituents informed and engaged. If  you would prefer
not to receive these email messages, please click here .

Best Wishes,
Congresswoman Cheri Bustos
1009 Longworth HOB
Washington, DC 20515
(202) 225- 5905

Who knew that the federal government was reduced to issuing congresswomen email addresses. Ah, such sad fiscal times are these.

I’m thankful for banks that alert me to automatic transfers with handy attachments containing nasty surprises.

From: Ricardo Duffy <>
Sent: Monday, February 25, 2013 5:52 AM
To: [Whole bunch of email addresses in the clear]
Cc: [Whole bunch of email addresses in the clear]
Subject: Automatic transfer notification
WIRE transaction is completed. $3302 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Receipt of payment is attached.

*** This is an automatically generated email, please do not reply ***

Attachment: payment -> Contains: payment receipt.exe -> Contains: Backdoor.Agent.RS malware

From: Payment notification system <>
Sent: Thursday, February 21, 2013 11:44 AM
To: [Whole bunch of email addresses in the clear]
Cc: [Whole bunch of email addresses in the clear]
Subject: Automatic transfer notification
Importance: High
WIRE transaction is completed. $962 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Payment receipt is attached.

*** This is an automatically generated email, please do not reply ***

Attachment: payment receipt – -> Contains: payment receipt – 884993762994.exe -> Contains: Backdoor.Androm malware
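A mail-gateway style check for the pattern in these two samples, where an innocently named attachment unpacks to an executable. This is an added example, not part of the original post; it assumes the outer attachment is a ZIP archive (the post does not say which format was used), and the extension list, addresses and sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Short, assumed list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def is_executable_name(name):
    # Windows ignores trailing dots and spaces, so strip them before judging.
    ext = os.path.splitext(name.rstrip(". "))[1].lower()
    return ext in EXECUTABLE_EXTS


def scan_message(raw_bytes):
    """Map each suspicious attachment name to the executable content found in it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Sniff the bytes instead of trusting the declared name or MIME type.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                hits = [n for n in zf.namelist() if is_executable_name(n)]
        elif payload[:2] == b"MZ" or is_executable_name(filename):
            # "MZ" is the magic number at the start of a Windows PE file.
            hits = [filename]
        else:
            hits = []
        if hits:
            findings[filename] = hits
    return findings


def build_sample(member_name, zipped=True):
    """Constructed test message; the 'executable' is inert placeholder bytes."""
    if zipped:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member_name, b"inert placeholder, not a program")
        data, filename = buf.getvalue(), "payment"
    else:
        data, filename = b"MZ" + b"\x00" * 16, member_name
    msg = EmailMessage()
    msg["From"] = "Payment notification system <sender@example.invalid>"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Automatic transfer notification"
    msg.set_content("WIRE transaction is completed. Receipt of payment is attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("payment receipt.exe")))
```
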

I’m thankful for banks that notify me with credit card statements and unauthorized access notices with handy forms containing surprise destinations.

From: Citi Cards <>
Sent: Friday, December 14, 2012 4:17 AM
Subject: Your Citi Credit Card Statement

Add to your address book to ensure delivery.

Your Account: Important Notification
Your Citi Credit Card statement is ready to view online

Dear customer,

Your Citi Credit Card statement is now available for you to view online. Here are some key pieces of information from
your statement:

Statement Date:  December 13, 2012
Statement Balance:  -$9,676.80
Minimum Payment Due:  $355.00
Payment Due Date:  Tue, January 01, 2013

Want help remembering your payment due date? Sign up for automated alerts such as Payment Due reminders with Alerting Service.

This form contains mostly fraudulent links, including many of the graphics which are primarily from;
The money links (i.e. where your money will go if you click them) are these:

From: <>
Sent: Friday, November 8, 2013 3:09 PM
Subject: Unauthorized Access Notice
Attachments: Citibank.html
Trouble reading this? Add alerts@al to your Address Book

We recently have determined that different computers have tried to log on to your Online Banking account and multiple
password failures were present before logons.

We now need to re-confirm your account information   with us.

Please download and open the document attached to this e-mail in order to verify your records. Please follow the
instructions from the document.

If this is not completed by November 10, 2013 we will be forced to suspend your account indefinitely, as it may have
been used for fraudulent purposes.

PLEASE NOTE: This is a mandatory measure. Failure to verify your records will lead to permanent service suspension.
After verifying your records you will be able to use your account as usual.

We thank you for your cooperation.
This Alert was sent according to your account settings; please do not reply to this message. Please do not contact us
directly as this issue is mainly processed by the Online System.

Attachment: payment receipt – 884993762994
This attachment is a web form that is almost completely sourced from – except for this little gem:
<input name="submit_to" value="," type="HIDDEN">
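One way to catch the trick just described, where an HTML attachment borrows nearly everything from the real bank and hides the odd destination in a form field. This is an added example, not part of the original post; the hosts, the sample markup and the idea that the hidden value holds a comma-separated list of URLs or mailbox addresses are assumptions, since the real value is not shown above.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit


def hosts_in(value):
    """Extract hosts from a comma-separated list of URLs and/or e-mail addresses."""
    hosts = []
    for token in value.split(","):
        token = token.strip()
        if "@" in token and "://" not in token:
            hosts.append(token.rsplit("@", 1)[1].lower())
            continue
        try:
            host = urlsplit(token).hostname
        except ValueError:  # malformed URL: nothing to compare
            host = None
        if host:
            hosts.append(host)
    return hosts


def registrable(host):
    # Crude approximation (last two labels); use the Public Suffix List in production.
    return ".".join(host.lower().split(".")[-2:])


class FormAudit(HTMLParser):
    """Collects hosts that supply page resources and the places form data can go."""

    def __init__(self):
        super().__init__()
        self.resource_hosts = Counter()
        self.destinations = []  # (description, raw attribute value)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("img", "script") and a.get("src"):
            self.resource_hosts.update(hosts_in(a["src"]))
        elif tag == "link" and a.get("href"):
            self.resource_hosts.update(hosts_in(a["href"]))
        elif tag == "form" and a.get("action"):
            self.destinations.append(("form action", a["action"]))
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            label = f"hidden input {a.get('name', '')!r}"
            self.destinations.append((label, a.get("value", "")))


def audit(html_text):
    """Return (where, host) pairs pointing outside the domain the page imitates."""
    parser = FormAudit()
    parser.feed(html_text)
    parser.close()
    if not parser.resource_hosts:
        return []
    # The imitated brand is whichever domain supplies most images, styles and scripts.
    brand = Counter(registrable(h)
                    for h in parser.resource_hosts.elements()).most_common(1)[0][0]
    return [(where, host)
            for where, value in parser.destinations
            for host in hosts_in(value)
            if registrable(host) != brand]


# Constructed sample: every host here is a placeholder, not taken from the post.
SAMPLE_ATTACHMENT = """
<html><head><link rel="stylesheet" href="https://www.bank.example/css/site.css"></head>
<body><img src="https://www.bank.example/img/logo.gif">
<img src="https://static.bank.example/img/lock.gif">
<form method="post" action="https://online.bank.example/verify">
<input name="card" type="text">
<input name="submit_to" type="HIDDEN"
       value="https://collector.example.net/post.php,drop@mailbox.example.org">
</form></body></html>
"""

if __name__ == "__main__":
    for where, host in audit(SAMPLE_ATTACHMENT):
        print(f"{where} -> {host}")
```
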

I’m thankful for lovelorn ostensibly Russian beauties like Nastya, Olga 1 and Olga 2 who are dying to meet me.

From: Anastasia <>
Sent: Monday, May 20, 2013 6:53 AM
Subject: How are you??
How is it going?? I’m Nastya. i look for a second half! I love travelling and pottery. Send me mail. Yours, Nastya!

From: Olga <>
Sent: Monday, February 11, 2013 11:39 AM
Subject: I wait for the answer
You have drawn my attention to a site of acquaintances. I hope, as I shall like you. How I to you in a photo? The truth –
pretty?:) But in a life I more nice!!!
And as I cheerful , kind, sociable and fluffy! I like to go in for sports, read books, to listen to music. I love winter and
summer. I do not love spring and slush.
If I have interested you, with pleasure I shall tell about myself more in the following letter.
I wait for the answer on

From: Olga Ivanova <>
Sent: Monday, February 4, 2013 12:00 PM
Subject: your profile to produce on me greater impression
hello webjoseph!

how are you today? What is your name?
my name is Olga, You frequently are on this site ?
I today wanted to talk to you in a chat
You have yahoo or hotmail ID? if you write to me, ok?
I shall wait from you the letter with impatience


Wow! What a hard (sic) choice to make. I mean, with a name like Nastya how can I go wrong? And she’s looking for a second half – just like the Broncos! But Olga 1 is charming in a sort of can’t-figure-out-Google-Translate kind of way as well as cheerful, kind, sociable and fluffy. Maybe she’s a cat. But apparently Olga 2 is familiar with my devastating charm and rapier wit from my profile on Oddly I can’t actually remember ever going to that site, much less setting up a profile. Oh well that’s one of the downsides to living fast and not dying young.

I’m thankful for kind people who win big lottery prizes like Allen and Violet and Dave and Angela who want to spend those millions making me rich.

From: Allen & Violet Large <>
Sent: Thursday, March 21, 2013 1:09 PM
Subject: Generous Act
Dear Sir/Madam

This is my seventh time of writing you this email. My wife and I won a Jackpot Lottery of $11.2 million in July and have
voluntarily decided to donate the sum of $1,000,000.00 USD to you as part of our own charity project to improve the lot
of 5 lucky individuals all over the world.

If you have received this email then you are one of the lucky recipients and all you have to do is get back wit h us so that
we can send your details to the payout bank.

You can verify this by visiting the web pages below. -canada -11699678

Good Luck,
Allen & Violet Large

From: Dave and Angela Dawes <>
Sent: Tuesday, August 20, 2013 10:53 AM
Subject: Happy Celebration In Advance
Dear Lucky Recipient,
You are receiving this message because my wife and I have listed you as one of our lucky selected millionaires of 1.5
million Pounds. If you are wondering how you were selected, we Utilize the service of website and search Engine That
Gives away cash prizes to help in the selection.
To Verify the genuineness of this email, watch our interview by visiting this web page so That You can be 100% sure That
You Have Not received an email hoax kindly click here -jackpot -winners-Dave-and -Angela -Dawes -to -give -millions-to -friends -and -family.html
Kindly Provide us with the below requested information, so that we can issue your draft.
Zip Code:
Happy Celebrations in Advance,
Dave-and -Angela -Dawes.

I’m thankful for all of the swell job offers like Consumer Service Critic, Mail & Package Assistant, Shipping/Receiving Clerk and Tour Manager all from the comfort of my home.

From: Joseph webster
Sent: Monday, April 22, 2013 2:40 AM
To: Webmaster
Subject: Consumer Service Critic
MCA -LOGISTICS INC.™ is currently drafting a LIMITED sum of VALUE CRITICS .

MCA -LOGISTICS INC® is a public survey company that uses analyticalShopping to measure the manner of service
It’s an advent to amass definitive perception about products and services.

We work with some of the largest, popular businesses in the America; from Banks to Fast Food to Petroleum,
Technology, Fashion retailers, and others more.

You will be employed to conduct an all charges paid survey and opinion task on behalf of MCA -LOGISTICS INC.
As our EVALUATIOR/ANALYTICAL clientele, you will be askedto POSE as a normal consumer while going to different places of work.
You’ll be required to discharge exact under- taking such as obtaining a merchandise or utilizing a service.
Your task will be to assess and measure the virtue of retail services rendered.
You’ll covertly evaluate their customer service while appearing as a normal customer When you’re done, you will be expected to fax your EVALUATION RECORDS (which we will provide to you) to us and then you will get paid for your opinions .
That is all there’s to it !

Peculiar expertise are not required for this task.
If you became interested in the vacancy, please reply to with the following informations:

Your name,complete mailing address,telephone and email address.

We will send you the details and the employment contract.

*****MINIMUM AGE DEMAND IS 30 YEARS************ Matured ANALYZERS ONLY, due to sedulity.

MCA -LOGISTICS INC. ©1992-2013

From: Joseph webster
Sent: Thursday, May 2, 2013 12:41 AM
To: Postmaster
Subject: Easy, fast, profitable
My name is Michael Watson, I’m Hiring Manager with Royal Mail 4 Delivery, Inc. I lately reviewed your CV with great
interest and I think that you may possess the experience needed prescribed for an occupation with our company.
You may see into this work as a part – time one or as an another earning and profit. I can mail you in more detail
description of Mail & Package Assistant per your letter of inquiry through email.
Please, do not hesitate to ask me any questions.
Thank you for the provided opportunity.

Yours faithfully,
Michael Watson
Royal Mail 4 Delivery Inc.

From: Joseph webster
Sent: Sunday, January 20, 2013 10:39 AM
To: AOL Users; Webmaster
Subject: EU deliveries is hiring
EU Deliveries is employing for the position of Shipping/Receiving Clerk.
We have many years of experience transportation individual parcels, papers and heavy cargo and have become pleased associates with USPS, UPS and FedEx.
As a Shipping/Receiving Clerk, you will be working from home. We suppose
our Shipping/Receiving Clerk to conduct the next activities:
– Suggesting our purchasers with the best level of buyer assistance service possible;
– Supervising and monitoring customer’s package sending operations;
– Keeping records of the processed pa ckage and mail
Your typical daily tasks will contain:
– operating with a remote helpdesk (it helps to schedule your daily work, send message to otherteam members, download and share project documentation and other materials);
– answer client emails and calls.
Salary and remuneration:
– usd 40000 yearly (paid in parts, every month).
– Working hours: 9AM – 5PM Mon – Fri
In order to apply for this position, please email us a copy of your most recent CV. We will check the submitted information and call back you in 1 -2 business days to tell you about the status of your application.
Bruce Grossman, EU Deliveries Human Resources dpt.

From: Joseph webster
Sent: Monday, March 4, 2013 6:51 AM
To: Postmaster
Cc: Administrator
Subject: Work for those who wishes to earn money

Our company, Grand Tour tourist agency offers you a part-time position of a Tour Manager. We are one of the largest 10 travel agencies in Europe, we also work with t he United States.

At this moment, our firm is searching for interested individuals who will be able to become our reps in the USA. So this ad is only for people with the USA citizenship or a work permit. Your main role will be providing support for our clients from the United States, while they are voyaging in Europe.


– Basic skills with PC, including e-mails and word processing;
– Must be able to multi-task;
– Must be at least 19;
– High School Diploma or a college degree is a benefit.

Your pay will be usd 4000 monthly according to the work plan that should be executed. For further details, please write us at: . Upon receiving your message, we will forward you all the required
information to get acquainted with.

Yours sincerely,
Laura Pennington
Grand Tour

Wowzers! I had no idea you could be a Tour Manager or a Shipping/Receiving Clerk with no experience. From home. In your skivvies (OK TMI). But the really interesting thing about these offer letters is that they all appear to have been generated from the same faulty template. Note that the emails are always From: Joseph webster with different spoofed email addresses. Oh well, they just got several of the properties mixed up. Or maybe not, after all Michael Watson thanked me for the provided opportunity. You’re welcome, Mike. It was nothing. No really.

So there you have it – my list of stuff that I would be thankful for if they were even marginally real.

How to write headline commentary in 2013

Way back in 2009 I posted an entry about the great headline commentary in the [CodeProject] daily news. Once again those CodeProject editors have done their snarky best. And no, they have definitely not mellowed with age. The following are some of my favorites from 2013 curated and categorized for your further edification.

Because the Bible tells me so

Why the Bar Code Will Always Be the Mark of the Beast
And when he had opened the fourth seal, I heard the voice say, “Attention shoppers….”

Google patent: Throat tattoo with lie-detecting mobile microphone built-in
“And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.”

How the Bible and YouTube are fueling the next frontier of password cracking
And The Lord set his password to p@ssw0rd, and there was much gnashing of teeth and rending of cloth

Python. Monty Python.

If You Can’t Do Email Validation Right…
No one expects the Spanish@Inquisit.ion.

The hollow triangular numbers are divisible by three
Then, shalt thou count to three. No more. No less. Three shalt be the number thou shalt count.

Obligatory Star Wars references

Samsung Demos a Tablet Controlled by Your Brain
I felt a great disturbance in the Force, as if several emails had just arrived.

(Open)VMS – the end of an era
Join me, Windows NT, and together we can rule the galaxy as father and son.

Obligatory Star Trek references

The Bounded Gaps Between Primes Theorem has been proved
Proving the prime directive: Kirk + Green alien women do not appear in sequential Star Trek episodes.

Surfing the memes

Protect Yourself From SQL Injection
Those who cannot remember the past are condemned to DELETE FROM Employees

SimCity mod demonstrates the possibility of some form of indefinite offline play
Sharks with frikin lasers attached to their heads add-on can’t be far behind.

You don’t need every customer
1 star. Unfunny subhead. Needs more cowbell.

They’re killing the PC
Then that means all those computers in the office… They must be the undead!

Binary Integer Programming With Python
Step 2: make sure optimization errors do not accidentally cause zombie apocalypse.

What the meaning of is is
I did not have NULL relations with that variable.

Google’s Quantum A.I. Lab adds quantum physics to Minecraft
Use it to build a cat

Great news! Engineers aren’t psychopaths (but CEOs are)
“I’m not a psychopath, I’m a high-functioning sociopath. Do your research.”

Enough LOLCATS already

The One Tip That Will Help You Learn To Code 10x Faster
Curiosity killed the cat. So did looking at animated GIFs of cats. Only more slowly.

More data storage? Here’s how to fit 1,000 terabytes on a DVD
Removing cat photos and animated GIFs reduces the problem significantly.

The year of the Linux … something

9 Things That Are Never Admitted About Open Source
One thing we can agree on: “next year” is always the year of the Linux desktop.

Ubuntu for Phones – Analysis for Potential and Visual Breakdown
Oh, great. 2013 will be the year of the Linux desktop *and* phone.

How to: Steam on Linux (Debian 7.0)
The year of the Linux GAMING desktop!

Why Is The International Space Station Switching From Windows To GNU/Linux?
This is finally the year of the Linux space station.

Data in the driver’s seat
This could be the year of Linux on the dashboard.

Dear Linux, I’m leaving you — for Windows 8
I guess last year was the year of the Linux desktop… and we missed it.

Life in tech world

Brace styles and JavaScript
Pro tip: when someone pays you to write code for them, use whatever style they prefer.

First Impressions: the TECK Ergonomic Mechanical Keyboard
Ergonomics is Latin for “You won’t get any work done for weeks.”

Kids, don’t believe the startup hype: Why you should join a big company first
You’ve got to ask yourself one question: Do I like ramen?

Universities fail to offer essential programming skills like Cobol
There’s also worryingly low enrollment in Conversational Latin.

On false dichotomies and diversity (in tech conferences)
In an industry where 27–29% are female, if you manage to get a speaker line-up with 0% female speakers, you have a bias.

How to work with software engineers
Free donuts works for me. What’s your trick?

The Tech Industry’s Darkest Secret: It’s All About Age
Youth and enthusiasm is cheaper than age and experience. In the short run.

Study: Most CEOs lack vision, leadership on new computer tech
In related news: IT workers shocked (that a study got something right)

The Machine-Readable Workforce
Thank you for applying. According to our algorithms, you’re fired.

6 predictions for the future of tech from Google exec Eric Schmidt
Bonus prediction: an important update will begin just when you need to do something else.

Microsoft’s revamped Kinect for Xbox One will also come to Windows next year
The new Ctrl+Alt+Delete: Wave, Swipe, Raise the roof, Jump to the left, Stick it, Glide

Live in a dev world

Announcing Topaz: A New Ruby
A Ruby clone, written in Python, based on a Ruby port… um, OK.

jQuery made me become a programmer
Think of jQuery as a gateway “language”… pretty soon they’ll be coding the hard stuff.

The Definitive Reference To Why Maybe Is Better Than Null
Schrodinger’s Type: Maybe it’s there. Maybe it’s not.

Like a good scotch, developers get better with age
Even better? A developer drinking scotch

Almost Flat Design
Next up: abstract expressionist interfaces. Click wherever you like. It won’t mean anything.

Frame of Reference — The real issues at the heart of modern interface design
The skeuomorphic of today is the hieroglyphic of tomorrow.

What makes Java developers more productive?
Two quarts of French Roast, and a #18 needle

9 Fallacies of Java Performance
“Sophisticated platform” typically means “I have no idea how it works.”

What’s in a name?

What comes next after Windows 8.1?
Windows 2014 RT CE RTFM IX, Ultraviolet Edition

Nokia shareholders approve Microsoft deal
One step closer to “Windows Phone 9 360, Powered by Nokia Lumia Technology”

Close enough for government work

Fork the government (before they fork you)

Security hole in exposed user email addresses
/face palm Someone get little Bobby Drop Table to log in

website ‘didn’t have a chance in hell’
Too big to succeed (500 million lines of code?!)

Nations Buying as Hackers Sell Flaws in Computer Code
First we get Moose and Squirrel, then conquer World.

Exciting stuff someone might want

Does Anyone Actually Want a “Facebook Phone”?
I’m holding out for a Twitter pager.

Facebook’s “Phone” Is Another Triumph of Mediocrity
The genius of the Facebook phone is that the company made a phone without making a phone at all.

Microsoft may give smartwatches another try
Even a stopped clock is right twice a day… except when it’s digital.

Almost every major consumer electronics manufacturer is now working on a smart watch
In other news, hardly anyone actually wants a smart watch.

New wave Wi-Fi: Wireless underwater Internet in the works
Good news for all twittering SCUBA divers

Mozilla Appmaker
Apps made by apps that allow anyone to build apps should be used by no one

IBM has a new protocol (and a box) for the internet of things
An Arduino can do this, but no one was ever fired for buying IBM.

Security is in the eye of the beholder

Should websites be required to publicly disclose their password storage strategy?
“Robust” means storing them in plain text behind a website riddled with XSS and SQL injection.

Obscurity: A Better Way to Think About Your Data Than ‘Privacy’
It’s difficult to protect your privacy from your own oversharing

How Secure Are Windows Store Apps?
I’m skeptical of the inherent security of a security model that requires constant updates.

Microsoft account to get two-factor authentication soon
Your password must contain a capital letter, a number, a haiku, a toad’s foot…

Eric Schmidt calls Android ‘more secure than the iPhone’
And by ‘secure’, he means, ‘makes me more money’

Just between you and me. And the NSA.

Confirmed: The NSA is Spying on Millions of Americans
Dear NSA, please tell me which phone/data plan best suits my usage patterns

Microsoft Finally Offers To Pay Hackers For Security Bugs With $100,000 Bounty
As a bonus, you’ll also be included in an exclusive list of hackers watched by the NSA.

Google’s Schmidt: NSA spying on data centers Is ‘outrageous’
Yeah, everyone knows they should only be spying on cell phones (and browsers, and …)

Apple releases report on government requests for user data, ‘strongly’ opposes US gag order
“If you are on a list targeted by the CIA, you really have nothing to worry about. If however, you have a name similar to somebody on a list targeted by the CIA, then you are dead.”

Tweaking the corporate giants

How to check if your Adobe account was compromised
Or use this handy guide, “Have you ever signed into the Adobe site?”

Core Rot at Apple
No mystical reality distortion field controls my destiny. It’s all a lot of simple tricks and nonsense

Defective Dell Latitude 6430u notebooks ‘smell of cat urine’
It’s the new corporate scent, now that they’ve gone private

In Nook, Microsoft sees a chance to compete against Amazon and Apple
A nook can’t read so a nook can’t cook, SO… a Surface with Nook might be a good hook.

Plan your digital afterlife with Inactive Account Manager
Welcome to the Past Lives Pavilion…. brought to you by “Google Death.”

A close look at how Oracle installs deceptive software with Java updates
We’ve secretly replaced the fine Java they usually serve with insecure browser toolbars. Let’s see if anyone notices…

Oracle database costs are driving firms to Postgres, says EnterpriseDB
And in related news, the CEO of Oracle was seen sailing his 88m yacht to his island (Lanai, most of it anyway)

Don’t be the One

Cos I don’t wanna be the one
Only overjoyed
Yeah, I don’t wanna be the one
Making all the noise
Yeah, I don’t wanna be the one
From Be The One by The Ting Tings

In the last post the topic of safe web browsing was discussed as an attempt to update earlier advice from circa 2008. So that should keep you safe on the internet. Right? Sorry. Unfortunately, browsing the web is only half the story. The other, and arguably more dangerous half, is the part where you are automatically directed to web sites by emails, SMS texts, QR codes and nowadays NFC tags. Most of the time these automated links are desirable and very convenient like when you want to find out about a new product or go directly to your bank site to check on your accounts. But what happens when the originator of these convenience links is a malicious impostor? In other words the email, SMS, QR code or NFC tag is a phishing attack. This can be especially serious when the phisher is pretending to be your bank. Because the payoff is potentially large, these fake requests from your bank can look pretty convincing. This post from Rob Waugh at the WeLiveSecurity blog puts it this way.

Technologies change, but cybercriminals will always dream up new ways to fool you into handing over your bank details – whether via phishing emails, SMS or by phone.

These days cybercriminals will use phone calls, SMS messages, emails – and even couriers – in an effort to get your money.  Many of these attacks can seem very convincing – at least at first.

To mash up P.T. Barnum, who is often credited with saying “There’s a sucker born every minute” and The Matrix, “You are the One, Neo”, [just go with me here] how do you avoid being the One? The key is to recognize stuff your bank will never do. Again from the WeLiveSecurity post:

The key to staying safe is to recognize behavior that isn’t quite “right”. Here are ten things a bank will never do – but a fraudster, phisher, or thief will.

Text you asking for details to “confirm” it’s you

Your bank may well text you – for instance to confirm a transaction on PC – but bank texts will not, ever, ask you to confirm details, or for passwords in a text. Banks also won’t update their apps in this way. If you’re suspicious, don’t click links, don’t call any numbers in the text. Instead, call your bank on its “normal” number.

Give you a deadline of 24 hours before your bank account erases itself

Many legitimate messages from your bank will be marked “urgent” – particularly those related to suspected fraud – but any message with a deadline should be treated with extreme suspicion. Cybercriminals have to work fast – their websites may be flagged, blocked or closed down rapidly – and need you to click without thinking. Banks just want you to get in touch – they won’t usually set a deadline.

Send you a link with a “new version” of your banking app

Your bank will not distribute apps in this way – instead, download from official app stores, and ensure yours is up to date.

Use shortened URLs in an email

Cybercriminals use a variety of tricks to make a malicious web page appear more “real” in an email that’s supposedly from your bank – one of the most basic is URL-shortening services.

Send a courier to pick up your “faulty” bank card

The courier scam is a new one – your phone rings, it’s your bank, and they need to replace a faulty bank card. One of the new services they offer is courier replacement – and the bank tells you that a courier will arrive shortly to collect the faulty card.  A courier turns up, asks for your PIN as “confirmation” – and your money magically vanishes.

Call your landline and “prove” it’s the bank by asking you to call back

A common new scam is a phone call from either “the police” or “your bank”, saying that fraudulent transactions have been detected on your card. The criminals will then “prove” their identity by “hanging up” and asking you to dial the real bank number – but they’ve actually just played a dial tone, and when you dial in, you’re talking to the same gang, who will then ask for credit card details and passwords.

Email you at a new address without warning

If your bank suddenly contacts you on your work address or any other address than the one they usually use, this is [not right]. Banks will not add new email addresses [for you on their own].

Use an unsecured web page

If you’re on a “real” online banking page, it should display a symbol in your browser’s address bar to show it’s secure, such as a locked padlock or unbroken key symbol. If that symbol’s missing, be very, very wary.

Address you as “Dear customer” or dear “”

Banks will usually address you with your name and title – ie Mr Smith, and often add another layer of security such as quoting the last four digits of your account number, to reassure you it’s a real email, and not phish. Any emails addressed to “Dear customer” or “Dear [email address]” are instantly suspicious – often automated spam sent out in vast quantities to snare the unwary.

Send a personal message with a blank address field

If you receive a personal message from your bank, it should be addressed to you – not just in the message, but in the email header. Check that it’s addressed to your email address – if it’s blank, or addressed to “Customer List” or similar, be suspicious.

Email you asking for your mother’s maiden name

When banks get in touch – for instance in a case of suspected fraud – they may ask for a password, or a secret number. What they won’t do is ask for a whole lot more information “to be on the safe side”. If you see a form asking for a large amount of information, close the link and phone your bank.

Remember this, grasshopper: your bank already has your money so they aren’t that interested in spending any of theirs on unexpected communication with you – particularly something like courier services. The bad guys, on the other hand want your money and are willing to invest a little and try phishing thousands or millions of potential suckers hoping to find the One big payday. Your mission, should you decide to accept it, is to not be the One.

Note to self: Ease up on old TV and get out more.
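
The email-checkable items from the list above (blank or generic address field, "Dear customer" greeting, hard deadline, request for secrets, shortened URL, unsecured link) can be turned into a small triage script. This is an added example, not part of the original post or the WeLiveSecurity article; the shortener host list, the regexes, the flag names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses
from urllib.parse import urlparse

# Assumption: a small illustrative set of URL-shortening hosts, not a complete list.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# "Dear customer" or "Dear someone@mail.example" instead of a real name.
GENERIC_GREETING_RE = re.compile(
    r"^\s*dear\s+(customer|client|user|account\s+holder|\S+@\S+)", re.I | re.M)
# A hard deadline such as "within 24 hours".
DEADLINE_RE = re.compile(
    r"\bwithin\s+(the\s+next\s+)?\d+\s*(hours?|days?)\b", re.I)
# Requests for secrets that a bank does not ask for by email or text.
SECRETS_RE = re.compile(
    r"\b(password|passcode|pin|mother['’]s\s+maiden\s+name)\b", re.I)

# Constructed sample: a message showing every warning sign checked below.
PHISH = """\
From: Example Bank <alerts@bank.example>
To: Customer List
Subject: Urgent: confirm your account

Dear customer,

Your account will be closed within 24 hours unless you confirm your
password and mother's maiden name at http://bit.ly/constructed-example
"""

# Constructed sample: a routine notice addressed to a named customer.
LEGIT = """\
From: Example Bank <alerts@bank.example>
To: Pat Smith <pat.smith@mail.example>
Subject: Your statement is ready

Dear Mr Smith,

Your statement for the account ending 1234 is ready. Sign in at
https://www.bank.example/ as usual to view it.
"""


def plain_text_body(msg) -> str:
    """Return the text/plain body of a parsed message, or '' if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def check_bank_message(raw: str, expected_recipient: str) -> list[str]:
    """Return the warning signs from the list above that appear in `raw`."""
    msg = message_from_string(raw, policy=policy.default)
    body = plain_text_body(msg)
    flags = []

    # Blank To field, or addressed to "Customer List" rather than to you.
    to_header = str(msg.get("To", ""))
    recipients = {addr.lower() for _, addr in getaddresses([to_header])}
    if expected_recipient.lower() not in recipients:
        flags.append("not-addressed-to-you")

    if GENERIC_GREETING_RE.search(body):
        flags.append("generic-greeting")
    if DEADLINE_RE.search(body):
        flags.append("deadline")
    if SECRETS_RE.search(body):
        flags.append("asks-for-secrets")

    # Links: shortened URLs hide the destination; plain http is unsecured.
    urls = [urlparse(u.rstrip(".,;")) for u in URL_RE.findall(body)]
    if any((u.hostname or "") in SHORTENER_HOSTS for u in urls):
        flags.append("shortened-url")
    if any(u.scheme == "http" for u in urls):
        flags.append("insecure-link")
    return flags


if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_bank_message(raw, "pat.smith@mail.example"))
```

A message that raises no flags is not proven genuine; the phone and courier items on the list cannot be checked this way at all.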

Safe web browsing in 2013


Back in 2008 and 2009 I did a series of posts about how real people (like your mom) could navigate the dangerous and unforgiving realm of the internet more or less safely. In this entry entitled Security ideas for your mom part 2 web threats were discussed. Circa 2008.

Web surfing risks include cyberfraud, downloaded malware, malformed images, malicious active content, leakage of personally identifiable information (e.g. some web sites will collect personal information from you in exchange for some goodie – and then sell it to spammers or phishers) and privacy invasion (e.g. tracking your surfing habits). It should be noted that your web surfing habits have a dramatic impact on the risk you incur. Specifically if you intend to visit adult (porn) or warez (pirated software) sites your risk is increased exponentially. Whereas reputable sites like legitimate shopping sites or wikipedia are relatively low risk, a trip to the typical warez site can almost guarantee several of the above threats being real and present. So the moral of this story is don’t even think about stealing software or surfing for porn unless you really know what you are doing and take extreme measures well beyond the scope of what I’m going to tell you about in these posts.

And in this post entitled Security ideas for your mom revisited some possible actions mom could take were discussed. Again circa 2008.

Use different web browsers for different purposes. Use Internet Explorer for your banking and financial sites, and no other sites. Use Firefox, Opera, Safari, Chrome or even another copy of IE for your social networking and casual surfing. I recommend IE for banking and insurance sites because they tend to work best (or only) with IE. Social sites, on the other hand tend to favor Mozilla (Firefox) or Webkit (Safari and Chrome) browsers. Sharing bookmarks is not hard and if you really want to share between multiple social browsers, get a account.
If you download software get a disposable virtual environment. Downloading anything from the web and installing it on your PC is risky business, even if it is from a reputable site, but it can be catastrophic if your tastes run to the wild side. A fair portion of it is infected with malware, malicious or just plain bad. What you need is a virtual environment where you can download this stuff, install it and try it out before you commit it to your real environment. This can be done a number of ways. Virtualization software like VMware and Parallels allow you to create virtual machines that are exactly that. If you trash one, you just delete it and move on. The downside, as you can well imagine, is that virtualization software requires a lot of resources (i.e. a very powerful computer) and it’s not trivial. There is another kind of software that you can use to accomplish this: sandbox software. Basically a sandbox sets aside a place on your computer where programs can play nicely, isolated from everything else. Using this kind of software, you can run any program “sandboxed”. Then if it blows up, or simply turns out not to be what you wanted, you just clean out the sandbox. If you do happen to decide that you want to keep your changes for real, you can recover everything to your computer.

And in this post entitled Safe web browsing the series wrapped up with specific thoughts on how a real person could implement the dandy ideas discussed in the earlier posts, this circa 2009.

Use an application that brings up one and only one web site in a browser window. If you think that’s too complicated, you can achieve the same thing by simply designating one browser for use in only specific situations. For example, use Internet Explorer for doing your online banking and use Firefox for checking Facebook. The important point is that you stick to this religiously, i.e. never, ever use your online banking browser for anything else. Period.
My wife just got a new iMac when her PC bit the dust. I figured that the easiest way to transfer her data from the old PC to her new mac, especially since the laptop was toast, was to convert a current disk image from her PC into a virtual machine. She got VMWare Fusion for her iMac and was able to run the VM version of her old PC right on her iMac. During this process she discovered that some of the sites she uses, particularly government sites, just don’t work correctly under Safari, but they work just peachy under Internet Explorer. There were some fairly complicated steps involved in setting up VMware and converting her physical PC to a virtual machine, but now that it’s done she uses it all the time.

What a difference 5 years makes! Let’s take the highlighted points in order, shall we? Yes we shall. Incidentally, in case you were thinking that the snarky style of this blog had improved in 5 years, you were wrong. I’m just saying.

  • Web sites will collect personal information from you and track your surfing habits, then sell it to spammers or phishers.

While this is still true, it is now pervasive on the internet. In fact, this is the primary source of funding for social networks and search engines. But I repeat myself since there are no pure “search engines” and pretty much everything has social network components – right Google? What has changed is that spammers and phishers are no longer the primary customers of this rich privacy violative [that’s Customs and Border Protection (CBP) lingo, not a real word] harvest. Nowadays it’s the NSA and law enforcement agencies who are buying and using it, not to merely annoy us but to nominally protect us from terrorists. I suspect it really has a lot more to do with fishing expeditions being way easier than actual spy craft and investigation, not to mention legal (sort of) since the Patriot Act.

  • Don’t even think about stealing software or surfing for porn unless you really know what you are doing.

While this is still true, the far greater threats these days come from legitimate sites that are not technically savvy enough to protect themselves from being hijacked. Sadly the poster children sites for this are charitable and church web sites, who typically get their web technical expertise from volunteers. Whereas porn sites are businesses who can’t remain viable if they allow someone else to siphon off the juice. Who would have imagined that in 2013 you would be safer going to “” than “” [Not real web sites, I made up those names. No, seriously.]

  • Use different web browsers for different, specific purposes. Banking and insurance sites tend to work best (or only) with IE. Social sites tend to favor Mozilla (Firefox) or Webkit (Safari and Chrome) browsers.

While this is still in theory a great idea the problem is that most folks do their web surfing from mobile devices these days and as a result any site that wants traffic goes mobile or goes away. There are a plethora of browser choices for most mobile platforms – excluding Windows Phone which still limits you to IE [actually nobody has stepped up with a decent port of anything else yet] – but it’s a serious pain in the buttocks to use multiple browsers on a smart phone, not to mention that the one that ships with it, crapware and all, is usually the best choice anyway. Except Android devices where no one in their right mind would use the standard Android browser. Also the browser landscape has changed rather dramatically in the last 5 years. Internet Explorer (IE) has been steadily declining even while it has improved dramatically with respect to security. Chrome has boomed due to its ease of use and real portability. Chrome is everywhere (except Windows Phone). Like lint. Unfortunately, out of the box, or rather out of the install download, it seems purpose built to transmit as much PII surreptitiously to Google as possible. And good ole Firefox keeps plugging along and seems generally more interested in security and privacy than the others. Unfortunately their usability often suffers as a result. But you forgot Safari, you’re thinking. No, actually Apple did that. Safari is only relevant on OS/X and iOS devices and then only marginally. Bottom line is that if you want a browser you can use on your mobile device(s) and your desktop and have all of them play nice together you have 2 choices:

  1. Chrome running everywhere.
  2. Windows 8 on your desktop, Win 8 RT on your tablet and Win 8 Phone on your smartphone.

And no, I didn’t forget Mac and iOS devices running Safari because Safari doesn’t play nice anywhere. Sorry Apple fanbois, face the facts.
But the real change here was that this idea morphed into the browser as operating system. In other words, low cost, low power portable PCs (ChromeBooks) running an OS that boots directly to a browser (ChromeOS). Pretty slick idea if everything you do is online. And the cost is less than a decent tablet. From a security point of view, you still have all of the issues you have with any portable device, but in this case if it gets hammered by malware just reformat and start over. Or throw it away and buy a new one.

  • Get a account.

R.I.P Nuff said.

  • A fair portion of download-able software is infected with malware, malicious or just plain bad.

This has reached critical proportions for the mobile “app stores”. The myth of the malware-invincible platform died with the “I’m a mac, I’m a PC” ads. With the totally closed and curated app and content stores, iTunes and Windows, this is still mostly true – only a “fair portion” of the content is malicious. The used-to-be totally-free-and-open store, Google Play, on the other hand has the “vast majority” of its content being malicious or utterly useless crapware. It’s getting better but in the realm of malware infected platforms Android is king.

  • Virtualization software requires a lot of resources (i.e. a very powerful computer) and it’s not trivial.

This has improved dramatically. For businesses and technical users almost everything is virtualised. My personal system is a hypervisor platform where I run whatever I need in VMs. Many businesses are doing that with hypervisor platforms from Microsoft, Citrix and VMware. But what about mom? Surely she could never use virtualization. She not only can, she does. Every time she points her smart phone or tablet at a web app. Running in the cloud. On a virtual server. Virtualization didn’t go mainstream, it went to the cloud. Some would argue that it is “the cloud”. Oh – and have you looked at Parallels for Mac lately? Yeah, mom could use that easily. If she needed to. You certainly could, too.

  • A sandbox sets aside a place on your computer where programs can play nicely, isolated from everything else.

Sandboxing has well and truly gone mainstream. It’s now built in to any decent browser – even some of the mobile browsers. Back in 2009 I suggested Sandboxie which was pretty much the only game in town. It is still a decent option, but like always it demands a greater knowledge of its underlying mechanisms than is practical for mom. What mom needs is an automatic sandbox where all of the details are managed in the background. Turns out that just such a system exists. The Comodo Internet Security Suite, a free set of packages from Comodo (no I don’t work for them or get spiffed in any way by them) has, among other features, “Auto Sandbox Technology”. Coupled with another feature called “Kiosk mode” it essentially turns your Windows PC into a sandboxed ChromeBook by way of Comodo Dragon (Comodo’s branded and hardened version of Chrome). I run this package in my “dangerous” Windows VM that I use explicitly for researching those really nasty corners of the interwebs. Besides who could resist browsers with names like Comodo Dragon and Ice Dragon (their Firefox variant).

So, indeed, what a difference 5 years makes. Internet security and privacy tools, circa 2013, have improved both in technology and usability. But then so have the threats. I suspect that the biggest difference is that the greatest threats to privacy are coming from groups whose nominal purpose is to protect our rights, including privacy. That and the fact that we’ve been conditioned by Facebook and Google to believe that privacy doesn’t matter and freely gave it up long ago. But that’s a post all by itself.

My Christmas Vacation from Hell, a Cautionary Tale.

To paraphrase Joe Friday of Dragnet fame, here are just the facts, ma’am: Since 2012 marked our 30th anniversary, my wife and I booked a Christmas Cruise. This being our first cruise, we were lucky to be accompanied by some family members, several of whom are veteran cruisers. The salient fact about this cruise is that it embarked from Baltimore, MD USA and included a stop in Port Canaveral, FL USA before sailing on to the Bahamas. As Charles Dickens writes in A Christmas Carol, this must be distinctly understood, or nothing wonderful can come of the story I am going to relate.

Shortly after we sailed I started feeling ill. By dinner I was very sick, but everyone including the ship’s doctor assured me that it was just sea-sickness and that a nice lie down in the stateroom would have me ready to eat and drink my way to cruise nirvana soon. By the time the ship docked in Port Canaveral it was apparent that my affliction was not motion sickness but something more serious and probably contagious. So at this point my wife and I decided to leave the cruise since luckily we were still in the USA. Turns out that was not so lucky after all.

The guest services people on the ship, while quite solicitous and sympathetic, were nonetheless flummoxed by this situation. First they told us that we were not allowed to disembark until we reached Nassau, in the Bahamas. When pressed further they decided that while we could technically disembark in Florida, there would be a $300 per person fee to do so. We decided that it would be worth the $600 to avoid sailing on and then risking having to fly home to Colorado from Nassau. So we made the appropriate arrangements with a local hotel and rescheduled our flights accordingly. When we arrived back at the guest services desk, luggage in hand, the attendant informed us that they just needed to contact Customs and Border Protection (CBP) so we could be escorted off the ship. A few moments later, the seriously flustered crew member returned with news that CBP would not be able to send anyone until long after the ship was scheduled to sail for the Bahamas. At this point we got a bit testy and pointed out that we could simply walk off the ship, it being docked and we being American citizens to which the amazingly understanding, but frustrated guest services guy replied while that was a possibility they would be required to inform local authorities that we had disembarked and we would then in essence be fugitives, albeit very easy to find fugitives.

So feeling defeated, we decided that the best course of action would be to make another visit to the ship’s doctor and stick it out until we reached Nassau and decide then what course of action to take. The doctor concurred with our amateur diagnosis of some kind of virus infection, medicated me heavily and quarantined me to our stateroom for 24 hours which would be about the time we would arrive in Nassau. Fortunately the treatment was effective and I was more or less healthy when we reached Nassau and decided to continue the cruise. Unfortunately between the hotel we booked on short notice and never used and the changes in airline flights we made, the cost was substantial.

So how does a snarky security blogger having a bad vacation affect you and how is this a “cautionary tale”? I’m glad you asked.

The real story involves antiquated laws, security theater and the nature of the passenger maritime industry. But I’m getting ahead of myself.

The story begins in 1886 with a bit of legislation intended to protect the then in its infancy American passenger vessel industry, called the Passenger Vessel Services Act of 1886.

The Passenger Vessel Services Act of 1886 (sometimes abbreviated to PVSA, Passenger Services Act, or PSA) is a piece of United States legislation which came into force in 1886 relating to cabotage. Essentially, it says:

No foreign vessels shall transport passengers between ports or places in the United States, either directly or by way of a foreign port, under a penalty of $200 (now $300) for each passenger so transported and landed.

This was further bolstered by the Merchant Marine Act of 1920, better known as the “Jones Act”.

The Merchant Marine Act of 1920 (P.L. 66-261) is a United States federal statute that regulates maritime commerce in U.S. waters and between U.S. ports. Section 27, better known as the Jones Act, deals with cabotage (i.e., coastal shipping) and requires that all goods transported by water between U.S. ports be carried in U.S.-flag ships, constructed in the United States, owned by U.S. citizens, and crewed by U.S. citizens and U.S. permanent residents. The purpose of the law is to support the U.S. maritime industry.

So putting this together we get the following (presumably unintended) consequences.

Any vessel subject to the Merchant Marine Act of 1920 counts as a U.S. vessel. Under the Passenger Vessel Services Act of 1886 (46 U.S.C. § 55103), foreign-flagged vessels cannot transport passengers directly between U.S. ports. The handful of U.S.-flagged cruise ships in operation are registered in the U.S. to permit cruises between the Hawaiian Islands, or from the continental U.S. to Hawaii. The Passenger Vessel Services Act, however, does not prohibit foreign-flagged ships departing from and returning to the same U.S. port or foreign-flagged ships departing from a U.S. port, visiting a foreign port, and then continuing to a second U.S. port. However, in order to embark in a U.S. port and disembark in a second U.S. port, the vessel must visit a distant foreign port outside of North America (Central America, Bermuda, the Bahamas, and all of the Caribbean except Aruba, Bonaire, and Curaçao, count as part of North America).

In accordance with this law, Cruise lines that operate foreign-flagged vessels are fined $300 for each passenger who boarded such a vessel in one U.S. port and left the vessel at another port.

There are legal exceptions in the case of medical emergency, which in spite of how I felt at the time, my 48-hour malady could hardly be considered such. So the bottom line is that the cruise line was prohibited by US law from allowing us to disembark at an intermediate US port.

But wait! This gets better. Since 9/11 the Customs and Border Protection (CBP), now a part of the Department of Homeland Security (DHS), has had a strict policy that no one embarks to or disembarks from a foreign-flag vessel in a US port without going through CBP (often referred to as “Customs”). And this is where it gets really interesting. Turns out there is no CBP office in Port Canaveral since no foreign-flag vessels embark or disembark passengers there and the nearest CBP office is in Orlando which is 55 miles away. So it’s not too surprising that the CBP folks were not ready to lend assistance immediately. So the bottom line is this: there was no legal way for the cruise line to allow us to disembark at Port Canaveral except if we were taken directly to a hospital or in police custody.

So why didn’t the ship’s guest services crew just tell us this up front? Here’s where the final bit of that foreshadowing of doom comes in: the nature of the passenger maritime industry. You see, the typical crew member on a cruise ship is not American (given that as far as I can find out there is exactly one US-flag cruise ship in operation) so they can hardly be expected to be familiar with US maritime law. Also crew members are not permanently assigned to a ship and ships are not dedicated to a single cruise route. Since very few cruises that embark from US ports have an intermediate stop in another US port before heading out into international waters thereby being subject to the Jones Act, it’s hardly surprising that no one on the guest services crew during the holiday season had ever heard anything about either the Jones Act or CBP policy. So you can hardly fault the crew members for not having good information.

Finally there’s yet another bit that didn’t figure in to this tale that would have had we decided to stop cruising and disembark in the Bahamas per the suggestion of the crew. Since 9/11 DHS has aggressively discouraged airlines from booking short notice one-way flights into the US. Airlines will not actually refuse to do so, but it will cost a lot. In fact they will suggest that you buy a round-trip ticket which will cost less, although still expensive, and just forget the return trip. In either case this will pretty much guarantee a strip search and several hours of intimate conversation with TSA officials once you get back into the US.

So what should you take from this cautionary tale? Here’s the list:

  1. If you take a cruise from a US port to anywhere outside the US, be aware that if you get sick or have an emergency that cuts short your cruise it will be a very expensive proposition.
  2. Do not assume that crew members on the cruise ship have any idea how to handle your emergency situation with respect to getting you off of the ship.
  3. If you are forced to cut short your cruise be aware that the cruise line is very limited in what they can do to help you as they too are victims of antique protectionist law and modern security theater.
  4. Since the cruise line is forced into an untenable situation there are no guarantees regarding what they can or will be responsible for. You are on your own to figure this out and know what should happen next.

Fortunately this story does have a happy ending. My vacation wasn’t totally ruined. I got to visit Nassau and bask in the warm Caribbean sun on Coco Cay, so I definitely will be returning to the Bahamas in the future. The cruise line, Royal Caribbean, really made things right. Not only waiving all medical fees and refunding part of the cruise fee for the time I was quarantined they refunded all of the extra expenses incurred with the failed attempt to leave the ship. So kudos to Royal Caribbean (no they didn’t spiff me to write this – they just did the right thing). Since I have no other experience, I have no idea what other cruise lines might do in such a situation but I can definitely recommend Royal Caribbean. Only next time I think I’ll take a cruise not subject to the Jones Law / CBP / DHS perfect storm of cruise hell.

Security For All is four years old (and then some)

Happy Birthday, Happy Birthday, Happy Happy Birthday To You!
I want to do something special for you,
It’s your birthday, and you’re special too.
So I brought some guabs from the outter guab zoo.
They honk (honk) and squak (squak) and sing just for you…
Happy Birthday, Happy Birthday, Happy Happy Birthday To You!
Open your eyes, here’s a present.
More crazy creatures; don’t worry they’re pleasant.
They’re upside down weets on inside out swings,
They do things backwords, and backwords they sing…
Yppah Yadhtrib, Yppah Yadhtrib, Yppah Yppah Yadhtrib Ot Ouy!
From Happy Birthday by Disney

August 2012 marked the fourth anniversary of Security For All. The very first blog post was all about the security theater accompanying the 2008 Democratic National Convention in Denver wherein then-Senator Barack Obama snagged the nomination ultimately culminating in his becoming now-President Barack Obama. So just to keep things symmetric and tidy [I’ve mentioned before I’m a “circle of life” kind of guy] I had to wait until after election day in November to make sure who was really going to win the Oval Office. Of course by then it was Thanksgiving time and I had to put together the annual Thanks for all the phishing extravaganza. That and I also had to make sure the world really didn’t end with the Mayan Calendar. So that’s my excuse for being 5 months late in getting this out. And I’m sticking to it.

Regardless of the veracity of my excuses, I typically do a kind of “year in review” for the birthday post so year end 2012 is really more appropriate anyway. Yeah! That’s the ticket. So without further ado, in no particular order or coherency:

I made a big career change moving to Trustwave in January 2012, where I’m now working as a Software Architect. This is actually the real excuse for the lackluster posting frequency on this web log. These Trustwave folks are brutal taskmasters that expect superhuman effort from me (and everyone else). And I love it.

My son Nick, who pens the Captain X-Ploit sagas, is now a Junior at CU studying Integrated Physiology (pre-med). This accounts for the good Captain’s MIA behavior.

The entertainment industry’s “war on piracy” [for the ironically impaired the reference is to the “war on drugs” or “war on terrorism” both abject failures at their stated intents but lucrative financially to the associated industries at the expense of everyone else] was ramped up by calling in some chips from their trained (purchased) politicians resulting in these adventures:

  • Stop Online Piracy Act (SOPA) spawned a “blackout” that became the largest protest in the history of the internet.
  • The US FBI shut down for alleged copyright infringement. This prompted the hacker group Anonymous (those guys with the swell Guy Fawkes masks) to respond by attacking government and entertainment industry websites. Turns out that Kim Dot Com, the Aussie proprietor of may actually end up suing the US government et al due to some sticky jurisdictional issues. In any case was soon replaced by other sites and any interruption in service was short lived. The “war on piracy” on this front is a lot more like “whack-a-mole” than a real war and every bit as effective.

Occupy London protesters were evicted from St Paul’s Cathedral. This of course begs the question of whether the Church of England is more concerned with spiritual or corporate interests. I’ll leave it as an exercise for the reader to come to their own conclusion.

2012 was a bad year for Greece. It started out OK with Greece securing a debt-restructuring deal with private lenders in March, but that turned out to be way too little, way too late and protests in Athens began (again) in earnest following a 77-year-old pensioner’s suicide outside Greece’s parliament in April. By mid April the Prime Minister of Greece, Lucas Papademos, had resigned and called an election for early May, but alas by mid May Greece’s fifth attempt to form a coalition government went pear shaped and new June elections were scheduled. So once again Greek voters returned to the polls in early June. This time Antonis Samaras, the leader of the New Democracy party in Greece, was able to form a coalition government and by mid June Greece had proposed to slow down austerity measures by two years. This did not play well in Germany (i.e. the place where the Euro spigot valve is located). By September a new austerity measure was enacted that required Greece to increase its maximum working days to six per week. This did not play well in Greece where in late September Greek trade unions called a general strike to protest austerity measures and by mid October tens of thousands were protesting the austerity measures including 25,000 people in Athens protesting German Chancellor Angela Merkel specifically. By mid November a series of protests against austerity measures occurred across Europe including Spain, Portugal, and of course Greece. Finally in late November the Eurozone announced that it would pay out 43.7 billion euros in loans to Greece. Call me cynical but I’m not predicting anything other than more protests in 2013 as a result.

Apparently spurred on by the quest for obscene wealth or maybe it was taking the money and running, Mark Zuckerberg decided to take Facebook public. In spite of working up unprecedented buzz surrounding the vaunted and highly anticipated [on Facebook at any rate] Initial Public Offering, the reality was that they had no idea how to pull off such a money grab (er.. IPO). The result was that Facebook’s problematic public listing ended up costing those involved $115 million from technical glitches. The stock turned out to be a bit of an underachiever (read LOSER).

In other legal follies Apple sued Samsung and Samsung sued Apple in a multi-part saga spanning the globe. In late August both Apple and Samsung were found guilty of patent infringement in a South Korean court while a US jury in California found Samsung guilty of patent infringement and awarded over US$1 billion in damages to Apple and Apple lost its patent dispute with Samsung in Tokyo, Japan. But wait! There’s more! [in my best late night infomercial voice]. By mid October a US appeal court overturned a district court ruling banning the sale of Samsung in the US. So let’s see, by my count the score is now Apple – 0, Samsung – 0 in South Korea, Apple – 1/2, Samsung – 0 in the US, Apple – 0, Samsung – 1 in Japan. So that’s Apple 1/2 to Samsung 1 overall. That seems like a lot of legal money for nothing. I’m just saying…

On a more serious note, 12 people were killed and 59 injured after a gunman opened fire at a movie premiere in Aurora, Colorado and a few months later 28 people, including 20 children, were shot to death at Sandy Hook Elementary School in Newtown, Connecticut. The saddest part of these tragedies was the predictable reactions of zealots on both sides of the “gun issue”. National Rifle Association (NRA) members went on a buying spree of assault weapons and ammunition fearing that restrictive new laws would be enacted making it marginally more difficult for them to maintain and expand their arsenals. While on the other side politicians beat their breasts, claimed to feel our pain, and vaguely promised exactly the kind of useless legislation that the gun rights adherents so pathologically detest. The NRA actually proposed training and arming all public school principals, and the great state of Arizona dutifully passed dubious legislation along those lines. Primary school principals with assault rifles – What could possibly go wrong with that? My disgust with political discourse in America grows.

And then there was Hurricane Sandy which became Super Storm Sandy. Here are the bare facts:

October 24 – Hurricane Sandy makes landfall in Jamaica killing 1 person and causing over $50 million in damage
October 25 – Hurricane Sandy makes landfall in Cuba and Haiti killing 65 people and causing over $80 million in damage
October 26 – Hurricane Sandy makes landfall in the Bahamas killing 2 people and causing over $300 million in damage
October 29 – Hurricane Sandy makes landfall in New Jersey resulting in 110 deaths and $50 billion in damage and forces the New York stock exchange to close
October 31 – The New York stock exchange opens after being closed for two days after Hurricane Sandy
November 26 – The cost of Hurricane Sandy to New York is announced to be $32 Billion

The actual story beyond the devastating facts above is that the Jersey shore as we remember it is gone. Forever. All over New York and New Jersey the devastation was unprecedented [my daughter-in-law’s uncle’s house in Long Island was all over the news because the house across the street literally blew up when a tree uprooted a gas line – the demolished house is in the foreground of the picture]. The lessons here are several:

  1. Our emergency preparedness systems are not ready for a disaster of this scope.
  2. Climate change is happening. Now. We need to quit pretending and start preparing to be resilient.

So stay tuned. Maybe we’ll be a bit more responsible about blogging at Security For All. Or not. But it will probably be pretty funny and borderline informational.

Oh and be sure to actually go to the Security For All blog site and check out our annual swell theme change.

Thanks for all the phishing in 2012
Thanks for the information
Oh never give a sucker an even break
When you’re on to something it’s a
Dime in a dozen people start
Coming out of the woodwork
Thanks for the invitation
I know I must be on to something big
From Thanks for the information by Van Morrison

In 2009, the first year of this blog, in honor of Thanksgiving here in the USA I posted an entry about some things I would have been thankful for in 2009. If they were even remotely true. I’m a collector and, dare I say connoisseur, of Nigerian 419 style phishing messages. Since then it’s become an annual event. So without further ado, here is a sampling of my favorites from 2012. The things I’m thankful for.

I am thankful for someone associated with the Benin Republic who wants to give me $950K (I think) in $5K (or is it $4K) chunks and it will only cost me $50.



RECEIVER NAME:okoye Lawrence



I’m pretty sure I understand that…
OK seriously that pegs the old WTF meter, but hey it’s got to be legit since Mr. Pius is THE NEW MANAGER OF WESTERN UNION. And how can you possibly not trust that security question and answer. This is the hands down winner of the Most Egregious Misuse of Google Translate award in the Found Money category.

I am thankful for all of the US and international government organizations who are dedicated to getting my money back from those nasty Nigerian Miscreants, Hoodlums and Touts.

Office Of The National Security Adviser
Federal Republic Of Nigeria
Aso Rock Villa, Asokoro District,

Based on our investigations,we wish to warn you against some Miscreants, Hoodlums and Touts who go about scamming innocent people by claiming to be who they are not and thereby tarnishing the image of this wonderful country. I am Lt General Peter Olu (Rtd),National Security Adviser to the new Nigerian President Dr Goodluck Ebele Jonathan,(GCON).

I am delighted to inform you that the contract panel which just concluded its seating in Abuja, just released your name among listed beneficiaries to benefit from the Diplomatic Immunity Payment. This Panel was primarily delegated to investigate manipulated inheritance claims, contracts and over-invoiced payment as the effect has eaten deep into the economy of our dear country.

However,we wish to bring to your notice that your contract profile is still reflecting in our central computer as unpaid beneficiary while auditing was going on. Your payment file was forwarded to my office by the auditors as unclaimed fund, we wish to use this medium to inform you that for the time being,the Federal Government of Nigeria have stopped further payment through bank to bank transfer due to beneficiaries numerous petitions to United Nations against Nigeria on wrong payment and diversion of contract/inheritance funds to different accounts.

In this regards, we are going to send your contract part payment of $4.1 Million USD to you via our accredited shipping company and I have secured every needed documents to cover the money while the diplomat will get it delivered to you right in your door step.

Note: The money is coming in 2 security proof boxes. The boxes are sealed with synthetic nylon seal and padded with machine. Please you don’t have to worry for anything as the transaction is 100% risk free.

Best Regards,

Lt General Peter Olu (Rtd).
National Security Adviser to the President
Federal Republic of Nigeria.

And this helpful organization as well.

Good day,
I am Dr. Sofia Hill, I am a US citizen, 48 years Old.  I am one of those that took part in the Compensation in Nigeria many years ago and they refused to pay me, I had paid over $20,000 while in the US, trying to get my payment all to no avail. So I decided to travel over to Nigeria with all my compensation documents, and I was directed to meet Mr. Michael Craig, who is a member of COMPENSATION AWARD COMMITTEE, and I contacted him and he explained everything to me. He said whoever is contacting us through emails are fake. He took me to the paying bank for the claim of my Compensation payment.

Right now  I have received my compensation funds of $1,500,000.00 Moreover, Mr. Michael Craig, showed me the full information of those that are yet to receive their payments and I saw your name as one of the beneficiaries, and your email address, that is why I decided to email you to stop dealing with those people, they are not with your fund, they are only making money out of you.

I will advise you to contact Mr. Michael Craig directly through the below information.

Name: Mr. Michael Craig
E-mail: michaelcraig44@…

You really have to stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them, they are only taking advantage of you and they will dry you up until you have nothing. The only money I paid after I met Mr. Michael Craig was just $420 for the paper works, take note of that.

Thank You and Be Blessed.

Dr. Sofia Hill, MD
Childrens Hospital Outpatnt Ctr

Wow! All of these folks falling all over themselves just to help me get satisfaction from those scammers. Although I can’t actually recall being scammed, it was hard to choose which of these individuals was the most trustworthy – Lt General Peter Olu (Rtd), who’s ex-military and National Security Adviser to the President (of Nigeria), or Mr. Michael Craig, who comes highly recommended by Dr. Sofia Hill, MD, who was scammed out of $20,000. You can choose which should win in the Help from Nigeria category.

I am thankful for all of the wonderful folks who recognize what an honest, astute investment adviser I am and want to make me rich for assisting them in philanthropic endeavors.

Beloved, Please read this letter carefully.
Don’t be surprise to receive this message; I got your email address from a mail directory. I am Mrs. Joy Armstrong a National of Ivory Coast; I am married to Late Engr. Daniel Armstrong. We were married for 17 years without a child but still waiting upon the lord before my beloved husband`s death in the year 2006.

Since after the death of my late husband, I decided not to re-marry. When my lovely husband was alive, he deposited the sum of US$8 Million (Eight Million United States Dollars) in fixed /suspense account in one of the leading Bank here in Ivory Coast. Presently the bank management contacted me as the next beneficiary because, the initial agreement which my late husband reached with the bank for withdrawal of the fund has expired and due to my critical health am not opportune to apply for the release of the fund to me because, I have a deadly disease called CANCER OF THE LUNGS.

Recently my doctor said my conditions is really deteriorating and is quite obvious that my death is very close because, the CANCER stage is becoming worst. I have been hospitalized for the past 7 months. Base on doctor`s report, am scared because death can come at anytime I now decided to share my feelings and plans with you at this moment in good faith to donate this inherited funds through your great influence and assistant by utilize 70% of the total money to the following like Churches, Orphanages Home, Handicaps, Widows and Widowers, while you keep the remaining 30% for yourself for carrying out my last decision.

Kindly reply me if you can do my wish so I can give you more details on how best the fund will be transfer to you. and will also issue you a letter of authority declaring you as the next of kin or beneficiary to the fund. Please kindly assure me that you will act accordingly and keep all details confidential.

I expect your prompt reply. Thanks and God bless you.

Yours faithfully

Mrs. Joy Armstrong.

And this person who entices me with coy romantic innuendos.

My Dearest,

Good day to you, I know you will be surprise to receive this email, Before I proceed I must first apologize for this unsolicited mail to you, I am aware that this is certainly not a conventional way of approach to establish a relationship of trust, my dear I will like you to understand that, I am writing this mail to you With due respect trust and humanity, I have decided to contact you after much thought considering the fact that we have not meet before, but because of the circumstance oblige me, I decided to contact you due to the urgency of my present situation here in the refugee camp, honestly i am writing this email to you with pains, tears and sorrow from my heart, I am Miss Alice Kipkalya Kones, 25yrs old female and I from Kenya here in Africa; my father was the former Kenyan road Minister. He and Assistant Minister of Home Affairs Lorna Laboso had been on board the Cessna 210, which was headed to Kericho and crashed in a remote area called Kajong’a, in western Kenya. The plane crashed on Tuesday 10th, June, 2008.

After the death of my beloved father my wicked step mother along with my uncles team together and sold everything that my late father had and share the money within themselves. Unfortunately to me I fined my father’s briefcase and when I opened it I found a document, which my late father use to deposit the sum of Nine Million Four Hundred Thousand United State Dollars ($9.400.000.00) in a Bank, here in Burkina Faso West Africa with my name as next of skin, right now I am in Ouagadougou Capital of Burkina Faso to withdraw the money so that i can start a better life and also further my education.

But on my arrival to the Bank, the Bank foreign Operation Department Director whom I meet in person told me that my father instruction to their bank is that the fund would only be release to me when I am married or present a trustee/partner who will help me and invest the fund overseas after the transfer, and the bank ask me to go and look for a foreign partner, that was why I decided to contact you, which I believe that you are going to be honest and reliable person that will help me and stand as my trustee/partner, so that I can present you to the Bank for the release and transfer of the inheritance fund into your bank account in your country, and It is my intention to compensate you with 40% of the total fund for your services and help and the balance shall be my capital in your establishment. As soon as I receive your positive response showing your interest i will put things into action, in the light of the above, I shall appreciate an urgent message indicating your ability and willingness to handle this transaction, awaiting your urgent and positive response, Please do keep this only to your self, i beg you not to disclose it to any body till i come over because am afraid of my wicked stepmother, i will send you my picture in my next email, with due respect, i am pleading that you help me, i am giving all this detailed information with every transparency believing that you will have a clear picture of the base of help i need from you.

I hope to hear from you soon, May truth and love be the guiding word in my refuge,

Best regard,

Yours Sincerely
Alice Kipkalya Kones.

Yet another hard choice to make – do I go for the widow who’s dying of a deadly disease called CANCER OF THE LUNGS but is only offering me 30% of $8 million or the damsel in distress (I’m a sucker for sob stories that involve wicked stepmothers) who implies that I could get not only romance but control of $9.4 million? Again you can choose which should win in the Help with Investments category.

I am thankful for long lost relatives who leave me obscene amounts of money.

Dear Friend,

I am Joseph Onalia, an Attorney by profession from Republic of Togo, Senior Advocate of Togo, (S.A.T).

It might interest you to know that I have a deceased client that bears the same surname with you.

Mr A I.(your last name) came to Togo in 1988 and was working with Shell Development company, Lome Togo.

In 1996 Before his death, I assisted him in making a 15years fixed deposit worth $9.5M which has now Matured to USD$21M payment by the financial institution.

The bank has notified me to provide the next of kin or have the account Confiscated within the next 60 official working days.

I am contacting you for two reasons. Firstly, you both have the same last name, which makes the claim most credible. Secondly, I strongly believe that the financial firm does not deserve to inherit the funds.With your permission, I wish to  proceed to establish you as the next of kin/Beneficiary to my late client.

Do not be afraid as I am his representative attorney and stand the capability to provide all the necessary paperwork to back up this claim until the funds are released to you, We will split.

As it is currently valued at US$21M USD. I intend to split the total US$21M USD with you equaly 50%/50%, after deducting any expenses that comes up during the process of this transaction and thereafter i shall invest my own share in real estate business in your country. Let’s work this out for I have all the documents to prove you as the heir to my deceased client.  If this is against your principles, I do humbly apologize and please do keep very secret.

Kindly get back to me with your;

Full name…………………
Telephone number……………….

I look forward to hearing from you if you are ready to proceed on this transaction.

Best regards,

Barrister  Joseph Onalia
Senior Advocate of Togo, (S.A.T).

Ah yes, good old uncle A I.(your last name), I remember him well before he left for Togo… But that lawyer Joseph Onalia seems a little sleazy – even if he is Senior Advocate of Togo, (S.A.T). I mean taking 50% of my $21 million – after deducting his expenses – seems harsh. I’m not really sure why he needs to know my profession but he’s definitely the winner in the Inheritance category.

I am thankful for uncouth oil companies who want me to assist with business investments.





Although I’m usually wary of crude organizations like Fox Media, this offer is so obtuse that how can it not be legit? This is the clear winner of the Most Egregious Misuse of Google Translate award in the Shady Deals category.

I am thankful for the outrageous prizes I’ve won in various contests I’ve never even entered including WRM Media, Asia Pacific Lottery, YAHOO & WINDOWS LIVE prize, BP Biannual Webmail Sweepstakes, UK National Online Lotto and Yahoo Awards promotion.

Hello Joseph Webster,


Your eMail address was exclusively selected as a possible winner.

Well done – you made it!

You have qualified for the free-choice sweepstake and are therefore amongst the chosen few in the final draw for 3 Apple products: iMac, iPhone, iPad.


Asia Pacific Lottery Organization
80b Phetchamnork Avenue,
Bangkok Thailand.


We write to Congratulate you as regards your Email Address success in our Online Computer Balloting Sweepstakes Program from the Asia Pacific Lottery Organization online draws of 5th Day of the Month held in Bangkok Thailand.

All participants were selected through the Registered Computer Internet Users ballot system drawn from 10,000, Personal Email Addresses & official Email Addresses, from Asia, Australia, New Zealand, Europe, North and South America, Middle East and Africa, as part of our International Promotions Program.

Your Email Address has subsequently won you one of the two Jackpot prizes in the 5th category? You have therefore been approved to claim a Total Sum of USD$368,000.00 (THREE HUNDRED AND SIXTY EIGHT THOUSAND UNITED STATES DOLLARS) Only.

Your Email Address attached to ticket number APLA286067-00-805 with Serial Number ANGR9-3088 that drew the Lucky Numbers of 8641146.

You have therefore been approved of a lump sum payment of USD$368,000.00 (THREE HUNDRED AND SIXTY EIGHT THOUSAND UNITED STATES DOLLARS) Only in cash credited REF NO: ASIAPLOTTOORG00-03803.


British Microsoft Award
Headquarters: Customer service

33 YatchBasinMarina Offices,
UponTyne Newcastle London.


Your email addresses have just won YAHOO & WINDOWS LIVE prize money of GBP£2,000,000.00 (TWO MILLION = GREAT BRITISH POUNDS STERLING) On Friday, 8/3/ 2012. Award winners emerge through random selection of all active email subscribers online. Six are selected monthly to benefit from this promotion.

Payment of Prize and Claim

Winners are to be paid in accordance with his/her SettlementCenter. This promotion was drawn based on email address as the key identification for setting up online accounts. All valid email addresses in the World Wide Web Draw used/participants for the online email promotion version were selected randomly via computer balloting from a global website collaboration with internet companies like eBay, pay pal, liberty reserve, and Google whom also built their systems and based their membership registration identity on email addresses supporting this computer draw system done by extracted email addresses from over 100,000 unions, associations, and corporate bodies  and  affiliated members to the National Lottery website and their advertisers listed online.

these are your identification numbers:
Batch Number: YPB/08/APA-43658
Reference Number:  ZA/YPN/270992008
Award File Security code:  UK/+QU03005

Please note that you’re lucky winning ticket file and number falls within our African booklet representative office in Johannesburg South Africa, as indicated in your ballot played coupon. In view of this, your (£2,000,000.00) would be released to you by our payment department in South Africa


Reference Number: BP12/0117/2012
Batch Number: PBSS102/1414
Dear Sir/Madam,

Winning Notification

The BP Promotions Office hereby notifies you that you are a winner of our Biannual Webmail Sweepstakes Program which took place on the 21st of March 2012 in our head office.

Participants were obtained from a database of one billion email user accounts and no tickets were sold because email addresses were assigned play coupons which were randomly generated using our Quick-Pick Automated E-ballot Software.

You have therefore been approved for the lump sum pay out of £750,000.00(Seven Hundred and Fifty Thousand Pounds Sterling) allocated to Ref No: BP12/0117/2012 because your play coupon bears one of the lucky winning number sequences [21-24-32-43-36-45] Bonus (16). This is from the total promotional budget of £16,000,000.00 (Sixteen Million Pounds Sterling) which is to be shared amongst the winners in this category



Are you the correct owner of this email address? If yes then be Glad this day as the result of the UK National Online Lotto and e-mail address free-ticket draws of The 2012Promotion Award has just been released and we are glad to announce to you that your email address came out in the first category and entitles you to claim the sum of ₤1,850,000.00 {One Million Eight Hundred and fifty Thousand British Pounds, From the UK National ONLINE Lottery Promotion

Your email address was entered for the online draw on this free ticket number: 9DHHDF09373 and won on this Lucky number: UKLO647UZGDJ2.

Please remember you did not enter or buy the ticket to earn you this Prize. It is a Promotional Program to encourage the use of Microsoft and Internet Programs.


Yahoo Awards Center
124 Stockport Road,
Longsight, Manchester M60 2DB – United Kingdom

Dear winner,

This is to inform you that you have won a prize money of Eight Hundred,Twenty Thousand Great Britain Pounds (£820,000,00.)for the month of May, 2012 Prize promotion which is organized by YAHOO AWARDS & WINDOWS LIVE.

YAHOO collects all the email addresses of the people that are active online, among the millions that subscribed to Yahoo and Hotmail and few from other e-mail providers. Six people are selected monthly to benefit from this promotion and you are one of the Selected Winners.

Yep – it’s been a great year for my lottery-winner-without-playing career. Aside from the millions of GREAT BRITISH POUNDS STERLING (apparently that’s the currency of choice for these lotteries – and what’s up with all that collaboration between Microsoft and Yahoo?) I also won some swell Apple products and was even chosen to be on Deal or No Deal. Of course I’m still waiting for my money, iStuff and for Howie to call but in the meantime these all were winners in the Lottery Winnings category.

I am thankful for all of the offers of thinly veiled money laundering gigs.

Good day.

International Financial company working in the field of medical payments has available vacancy of Account Coordinator in USA.

The main responsibility of this position is to serve payments from our clients in United States.

Requirements :

– Location : USA

– Adult age

– Proven ability to work as part of a team


– Ability to work as home-based employee

– Flexible working schedule

No entrance fees are required.

If you are interested, please send back your resume (CV) with your contact details.

Have a good day.

Strictly speaking these aren’t really phishing attacks. They are real, if not legitimate, job offers. They are, however, related to these phishing scams in that this is how the money is laundered – through bogus financial, travel or shipping companies where all of the Account Coordinators work from home and basically run money through their checking accounts. These solicitations range in veracity from obvious nonsense like this one to really good fake CareerBuilder and Monster notifications. The Money Laundering category contains by far the most messages that I receive.

So there you have it – my list of stuff that I would be thankful for if they were even marginally real.

On a final, more sobering note I received one phishing email that has the dubious honor of being the most chilling and disgusting message I’ve ever received. The background for what makes this message so nasty is this, as described by The Denver Post:

The 10-year-old girl with the gap in her front teeth, who liked to play cheerleader and waitress, giggled a lot, loved the color purple and couldn’t wait to be a teenager, was on her way to school, alone.

She was supposed to meet a friend, a boy her age. The 1,000-foot walk down the street to his home should have taken four minutes, maybe five.

But Jessica Ridgeway, bundled against the cold in a black puffy jacket, never arrived.

The hours and days that followed brought confusion and false leads, moments of hope and dread, leading to the devastating announcement a week after her disappearance that human remains found in a desolate open-space park 9 miles from her home were Jessica’s.

On the afternoon of Oct. 10, maintenance workers were out picking up trash — a routine exercise in a park neighboring a landfill.

Earlier that day, police announced they had ruled out Jessica’s parents as suspects and believed an unknown person abducted her.

At about 2 p.m., workers came across a plastic garbage bag in plain view near a culvert on the side of the road, said Arvada police spokeswoman Jill McGranahan. The bag was heavy and “seemed kind of strange,” she said.

At that moment, animal-management officers who typically chase down stray dogs and escaped livestock drove by.

The maintenance workers flagged them down. An animal-control officer looked inside the bag and saw human remains, McGranahan said. Law enforcement officials have declined to be any more specific than to say they discovered a body that was “not intact.”

Within hours, hundreds of local police and FBI agents descended on the open space to walk the area and look for evidence.

It was 9 miles from Jessica Ridgeway’s house.

Two days later, grim-faced state and local law enforcement officials announced that DNA tests had confirmed that the remains were Jessica’s.

“The focus has changed from the search for Jessica to a mission of justice for Jessica,” said Westminster Police Chief Lee Birk.

“There is a predator at large in our community.”

So against that backdrop – I live about 2 miles from where Jessica was abducted – I receive this email purporting to be from “Neighborhood.Alert” with a subject of “Child Predator Warning”. The email contained only images that linked to some sites where you could “sign up for more information”. Yeah you bet – straight up phishing ploy. Let me close with this friendly warning to the person or group behind that little scam: I will hunt you down and you won’t like it when I find you.