Tag Archives: phishing

Phishing Alert – Secret Army Gold

Two phun phishing emails in two days. Both from the same domain, nac.net, which you might want to add to your block list. Yesterday it was a fake FBI email, today it’s the Army.

This is another that falls into the ridiculous category, and maybe the get-rich-quick category as well. How come this army general decided to include me in his $26,000,000.00 windfall of “secret army gold”? (Sounds like Three Kings, anyone?) And if he really trusts me, why doesn’t he know my name? That alone should be enough reason to ignore such emails automatically.


In review, here are a few of the things that are wrong with this email:

  • The “From:” email address is clearly not from any valid domain, either military or normal social channels. In fact, it’s known for phishing scams.
  • addressed to “Friend” – He trusts me with millions, but doesn’t know my name
  • Random people don’t send you email offering you millions of dollars – not happening
  • Official email address at the bottom doesn’t match the from address. Everything on the left side of the @ sign is the same, but the domain is nac.net at the top, and outlook.com at the bottom. Normal people don’t usually send email like that, with obvious reasonable exceptions.
  • Why is the story a plot from a 90s movie?

FYI nac.net has been registered through Godaddy.com since 1995 to a US company called “Net Access Corporation”, so I’m wondering: are they purveyors of scams, or just a crappy email provider? Registrant is in New Jersey, server is in Colorado, and domain name redirects to cologix, so who knows.

Stay on the alert – best not to click anything in emails from unknown senders, and anyone who really has millions of dollars for you will figure out how to reach you. That kind of money makes it easy to find out.


Phishing Alert – FBI Offering Millions

Just a quick reminder to keep yourself safe in your email. Some of the phishing scams are incredibly good – they imitate the actual emails that a bank or company will send with the same icons and layout. It’s usually the email address and URL they’re trying to redirect you to that gives it away.

Remember, don’t just check URLs in your email before clicking them. Don’t click them at all. Instead, if you’re concerned, go to the site by typing in its name, like mybank.com, rather than clicking a link. That way you’ll be safe even from the really good fakes.

Also watch out for scams that are just too ridiculous. They come in email, text messages, and voice mails. I constantly get warnings from the “IRS” that marshals are on the way. How do people think that’s accurate? I mean you can hate the IRS but that’s still not how they operate. And why do you think they’d come after you? I guess if you haven’t actually paid your taxes maybe it’s easier to get fooled by this. I had fun the other day when I was bored and answered one of these calls. Then I told the person I was onto their scam, and calling the police, and marshals were indeed on the way, but to them, not me. They hung up quickly. A waste of my time, I know, but I enjoyed it anyway.

Finally, watch out for the get-rich-quick scams – there is no simple investment that the industry is trying to hide and that is going to make you a fortune. Add to this the foreign money laundering schemes, Nigerian prince emails, rich dead uncles, and the like. Let me make it simple – there is no one out there who’s just waiting to hand you millions of dollars, or even thousands, or even hundreds. Delete the email/text/voicemail and just move on.

For your entertainment, here’s an email I got today, purportedly from the director of the FBI, who somehow knows my email address but not my name. He’s reminding me that I have $10 million due to me and he’s thoroughly checked it out and for sure it’s legit! Note the ridiculous email address they refer to, and it came from andrewmcjr.fbioffice2017@nac.net because somehow the director didn’t get an official work email address. Poor guy – guess they’re really struggling these days.


As an exercise, here are a few of the things that are wrong with this email:

  • The “From:” email address clearly is not the FBI
  • addressed to “dear beneficiary” – they don’t know my name
  • The director of the FBI isn’t sending me any email – not happening
  • Citibank supposed email address – again not a Citibank email domain
  • FBI supposed address at the bottom – still not official FBI.gov domain, and different from the sender email, even though the email warns me explicitly to not trust such things
  • Why do I think this is my money?
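
The red flags in this list and in the Secret Army Gold list can be checked mechanically against a message's headers and body. The following Python is an added example, not code from this blog; the sample message (apart from the sender address quoted above), the flag names and `red_flags` are constructed for illustration, and `claimed_domains` is an assumed list of the domains the purported sender really uses.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the From address comes from the post; the body
# text and the contact address in it are invented for illustration.
SAMPLE = """\
From: "FBI Director" <andrewmcjr.fbioffice2017@nac.net>
To: reader@example.org
Subject: Payment notification

Dear Beneficiary,

Your $10,000,000.00 payment has been approved. To claim it, write to
fbi.claims.desk@example.com today.
"""

GENERIC_GREETING = re.compile(r"^\s*(dear\s+)?(friend|beneficiary|customer)\b", re.I | re.M)
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
MONEY = re.compile(r"\$\s?\d{1,3}(?:,\d{3}){2,}")  # seven figures or more


def domain(addr):
    """Lower-cased part after the last '@'."""
    return addr.rsplit("@", 1)[-1].lower()


def red_flags(raw, claimed_domains):
    """Return the checklist items from the post that this message trips."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender_dom = domain(parseaddr(msg.get("From", ""))[1])
    flags = []
    # 1. Sender domain is not one the claimed organisation actually uses.
    if not any(sender_dom == d or sender_dom.endswith("." + d)
               for d in claimed_domains):
        flags.append("from-domain-not-official")
    # 2. Greeting shows the sender does not know the recipient's name.
    if GENERIC_GREETING.search(body):
        flags.append("generic-greeting")
    # 3. A contact address in the body uses a different domain than From:.
    if any(domain(a) != sender_dom for a in ADDRESS.findall(body)):
        flags.append("body-address-domain-mismatch")
    # 4. Unsolicited offer of millions of dollars.
    if MONEY.search(body):
        flags.append("large-money-offer")
    return flags
```

Each flag on its own is weak evidence; a mail filter would normally score several together rather than block on one.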

Stay safe out there – phishing schemes and identity theft are rampant. By the way, if you need to report a scam to the FBI here’s the FBI E-scams and safety page.


Internet Scam Scam

I got a very funny email at work today. I try to keep up on my junk e-mail folder in Outlook so that I won’t accidentally miss something important. Today there was one with the subject “Urgent Information” that was listed as “From: Internet Scam Investigation” so of course I was intrigued.

For those who aren’t really familiar with internet security best practices, NEVER EVER EVER open an email from an unknown sender, especially with a name like Internet Scam Investigation because there is no legitimate organization that does such things.

Another good indicator of malmail (malware-email) is the generic “Urgent Information” subject. Again, people I know that actually have urgent information for me don’t do that. The combination of bad subject and bad sender should put your finger on the delete button so fast that your mouse gets hot. The only warning flag that was missing was an unexpected attachment – delete those too. Don’t worry about what’s in them, it’s nothing good. When in doubt, throw it out – or in other words delete it. For more on those look at my earlier post on personal computer security.

So of course I opened the email and read it. Now take note, this is a very foolish thing to do if you don’t know what you’re doing. Do what I say, not what I do in this case. I opened it as a cybersecurity professional in a controlled environment where it couldn’t hurt me. Don’t try this at home!

In short, the email warns that there are a lot of scams out there that are promising you money and you should be aware of them. If you really want to know if any are legit, these are the Nigerians that will tell you the truth.

For your amusement only, the full email is below. And after that some links to computer security software, for those who haven’t caught up with the 21st century yet.

Security Alert

Be on the alert for personal security. NO ONE SENDS YOU MONEY IN EMAIL. And at the very least make sure you’re running some kind of security software on your computer, like those below. If you have questions or suggestions please let me know.