Office of the 
Honourable Minister Of Information 
Federal Republic Of Nigeria 
Tel: 234 703 440 0879


REF/PAYMENTS CODE:06654

This is to inform you that we have verified your payment,
Nigerian 419 scam practiotioners where Arested,your name 
has been shortlisted and approved for this payment as one 
of the 419 scam victims,get back to me immedately for more 
details.

Waiting to receive your reply.

Yours faithfully, 
Chief John Odeh 
Honourable Minister Of Information 
Federal Republic Of Nigeria

Dear Tikitu De jager, Christmas is approaching! Still need to find some gifts for your loved ones? We show you how to find unique gifts on eBay. Also, find out how you can send money home with PayPal and stay in touch for free with Skype! Seasons greetings! PayPal

The funny thing is, I could have sworn I asked them not to spam me. But…

This PayPal notification was sent to [ my address ] because you chose to receive All Policy Change Notices.

Oh. Fair enough. I suppose the policy that’s changed is that “Policy Change Notices” no longer contain notification of changed policies.

I still can’t make up my mind if this is phishing or corporate stupidity.

Case for phishing

• They misspell (mis-capitalise) my surname (“De jager”) while it shows correctly when I log in to paypal.com.
• Can anyone really be so soulless as to take “please send me all Policy Change Notices” as an invitation for Christmas spam?!
• The links in the newsletter go to email1.paypal.nl, which is not www.paypal.com which is where I log in. (Ok, paypal.nl is legit. But a DNS lookup site tells me that subdomain doesn’t exist.)
• Said links include a session identifier, which would suffice to identify me for the phisher site.

Case against phishing

• The got the correct name and email address for my PayPal account. That’s not as easy as it sounds, it’s not the name you’re looking at. (It’s not so very difficult either, though, and the email address is an easy guess.)
• They don’t ask for any information or even that I go somewhere to “confirm” anything. The links are apparently continuations of the articles, or things like “Get Skype”. They all go to that email1.paypal.nl though.
• And if email1.paypal.nl doesn’t exist, how are they getting any information at all, let alone useful information?!

Result…

I’m confused. Anyone know anything about this? Legit and really bloody irritating, not to mention braindead stupid? Dodgy and diabolically clever? It’s got me puzzled.

Update

The PayPal spoofline says it’s fake. But I’m not sure I believe them — the email is clearly a form letter, and it looks to me like it just ripped out the urls from the email and checked whether they were registered to PayPal. Which they apparently aren’t, but I still can’t get past one question: how does it help a scammer to direct me to a non-existant website? (Hm. How does it help PayPal? Good question. No answer.)

Thank you for bringing this suspicious email to our attention. We can confirm that the email you received was not sent to you by PayPal. The website linked to this email is not a registered URL authorized or used by PayPal. We are currently investigating this incident fully. Please do not enter any personal or financial information into this website.

Why was I even looking inside? Well, the subject line was intriguing: “anhydrous Rens“. (The chappy on the right is Rens Bod, one of our ILLC characters. Only his homepage here is all boring text, and I really needed a photo to show how anhydrous he is.)

So I guess maybe the personal opening and “We are emphasizing the area of Mathematical Methods and Optimization in Problem Solving Systems which is related to your specific area” doesn’t really mean I’m an invited speaker (funnily enough, the second invitation was emphasising a different area: Computing Technologies, which certainly sounds worth emphasising). Also notable is that this particular invitation comes via my old Otago student address, which dates back to the days when I didn’t have a “specific area”.

Problem is, now I’m afraid to mark it as spam — not knowing how gmail is working its magic, I’m worried about punishing other more legitimate calls for submissions. Instead, here’s a little link love: Anthony Lieken describes this WMSCI as a “fake conference”, the authors of the paper generator software call it (WMSCI) a “spamference”. You’re welcome to make up your own minds, although this blog posting might dissuade you: the poster –then an undergraduate, if I read his later stuff correctly– paid $400 registration after having his paper accepted by “a huge conference having something to do with computing”. Wonder if it was worth it?

(Excuse the ugly phrasing in the links, I’m going for a particular poetic effect. I heartily encourage all seven readers of this blog to emulate me.)

But of course a clever robot spider from hell can deal with that: the same technique generates magic words as tests for them.

So my second idea was a textfield already containing a word, with a note saying “If you submit this form without clearing this textfield, I’ll know you’re a robot spider from hell.” Better still, “Change this word to the one following it in the article above, to prove you’re not …” You get the idea.

For added fun, rotate these methods (and the simpler “Don’t fill in this textfield unless you’re a RSfH” on eg. the URL field) at random. If I didn’t have a thesis to write, I’d put together a wordpress plugin.

(Why am I thinking about this, given the obvious lack of comment spam on my blog? Because (a) I still occasionally moderate down posts advertising the-card-game-whose-name-we-do-not-speak, and (b) I’m terrified that one of the extremely infrequent genuine comments of my friends is going to get blitzed. It’s not that I don’t trust Spam Karma, it’s simply that I don’t understand it.)