Wednesday, March 31, 2010

My "Winnings" and "Inheritances" Update

Take a look at the dollar total in the right-hand-side of this blog. That number is the running total of how much I am told that I have either "won" or "inherited" since I started keeping track of it in January 2009.

As I write this, I just updated that total to be:

$37,135,922,034.73


That is just over thirty seven Billion USD.

Of course I haven't actually won or inherited anything. That should be obvious. This is based on messages sent by criminals who hope I will believe I won or inherited money, so that they can then tell me to wire them "fees" to ensure the money gets sent to me.

When I first started tabulating this, it was meant to be a one year experiment to see how much I would have "won" if I took seriously the claims of every one of the Nigerian scam emails I receive on a daily basis.

Within the first full year of tabulating, I had "won / inherited" $15,010,243,226.36. (Fifteen Billion USD.) On average I was "winning" 20 - 40 million dollars every single day. I arrived at my first Billion USD of tabulated winnings on Jan. 14th, 2009. The next on Jan. 27th. On average, I was winning a Billion dollars every two to three weeks.

Fast forward to 2010 and what a difference a year makes.

I "won" the equivalent of all I won in 2009 within the first two months of 2010, hitting $30,452,821,816.30 on March 3rd. I now routinely receive from 50 - 90 of these messages every single day. There has never been a single day where I have not received any Nigerian scam messages claiming I have won the "Microsoft Lottery", the "Toyota Lottery", the "Yahoo / Microsoft Lottery", the "Euro Powerball Lottery" or any of the other so-called lotteries these morons keep promoting.

I'm not sure why, suddenly, after new year's eve the volume on this particular type of spam experienced such a drastic spike, but it's officially reached what any normal email recipient would have to think was a ridiculous level.

To the idiots sending this spam: if you send the same "YOU HAVE WON!!!1!!" message more than once a year? People will think you are stupid. More than once a month? Come on.

But several times a day?

Every single day?

How often do people seriously think they can win a lottery?!

Unfortunately, the answer seems to be that at least one person does, because I don't see this trend ending anytime soon.

Some more stats in case anyone out there needs further proof of how utterly stupid the criminals are that send these messages:

- Per day, I now win or inherit around $224 million dollars. Every day.
- The lowest amount I have won in a single day this year: $8,833,127.56.
- The highest amount: $1,726,677,256.77 (That was last week.)
- On average I am winning a Billion dollars every 2 - 5 days. In mid-February it was literally every single day that I was winning one Billion dollars.

Who needs a stimulus package?

I think there greatly needs to be further education of the general, non-tech-savvy public, because as the saying goes, if it didn't work, we wouldn't be seeing this spam.

I'm frankly tired of seeing "soft" news stories about otherwise smart people who get duped into these scams. Literally every one of them ends with the same epilogue: "If it sounds too good to be true, it probably is."

I've got a better line they should start using: "Are you high?!"

Seriously: does anyone really believe that they are actually the "winner" of a lottery every other day?

At this rate, I can't even guess how high this will go. My existing projection tells me that based on today's date, and the average I am winning / inheriting every single day, I will reach the following total on Dec. 31st of this year:


$107,498,721,679.48


Or: nearly one hundred and eight Brillion dollars.

If you found this blog posting while looking to see if "your email has won you $10,000,000.00!!!!!!11!!", please read this:

Use your brain.

No lottery in the world will notify you by email, and they will not require you to ever PAY them any money. Use your brain.

The only way you win a lottery is on the off chance (alleged to be one in several billion) that your number, which you payed for at a lottery booth, has won. Your email address cannot "win" anything. Use your brain.

Similarly, you are very unlikely to be notified at random via email when some long-lost alleged relative has died and left you an inheritance.

But most importantly:

You won't win a lottery or inherit hundreds of millions of dollars every single day. You just won't.

SiL / IKS / concerned citizen

Friday, March 19, 2010

MSN Live Spaces: Wake Up!

Several of you may remember that last year I posted an open letter to Yahoo Groups since, at that time, they were the most abused free services used by spammers.

Over the course of many months, several of my colleagues and I assisted Yahoo's abuse teams to rectify the problem, and now they have a very accurate filtering system in place, as well as other means of stopping mass registrations of new Yahoo Groups entries.

Well here we are, only 8 months later, and we're seeing the same abuse happening on MSN Live Spaces, Microsoft's social media portal.

To be clear, the abuse of MSN Live Spaces has been going on at least as long as Yahoo Groups abuse, but it's only recently that we've seen a noticeable increase in the use of MSN Live Spaces Links in spam messages. For the accounts that I monitor, I'm talking about at least a 500% increase. For friends of mine, the increase is even higher than that. On average I now see over 180 messages every day which feature these links.

Some of my colleagues have had mild success in contacting members of MSN support regarding this. To date there has been only a tiny response to this problem, and the barrage is only increasing.

MSN's abuse process for reporting one single, individual offending MSN Live Spaces account is to fill out a form located here, manually entering as much information as the user can find out about the link, and including information which I guarantee the user will not know at all, such as which MSN account was the creator of the Spaces account in the first place.

Filling out that form for one offending URL is fine, if you're only receiving, say, one or two per day. Nobody I know is receiving fewer than 40 or more of these every single day. This is far from an intuitive method of reporting abuse.

All attempts to contact MSN Spaces abuse teams directly, including via this abuse form, has been met with no response, and no feedback on what happened to my report. In most cases, URL's I have reported remain alive several days or weeks later.

MSN Spaces: Wake up!

As we speak, the predominant spam I'm seeing for this is promoting the bogus (and previously mentioned) "Marmeladies.com" fake Russian Dating scam, but many more recent examples seem to focus on "Elite World Casino", another bogus online casino, possibly featuring malware in its installer software. Other newer spam messages I'm monitoring are now also promoting a Korean-hosted "Auto Warranty Source" website, currently hosted at americanwarrantyexpress.com, but of course that URL changes weekly. It's the same affiliate ID every time, however. This turns out to be a scammy US-only auto-insurance operation promoted by the Russia-based "AffZoo.com" affiliate program.

Prior to this month, the #2 type of spam abusing this service was for "Downloadable Software", a site which sells counterfeit versions of Microsoft Windows, Microsoft Office, and a variety of other popular software titles. The software these sites provide is known to contain malware and will cause your Windows computer to join one or another known botnet, operated by criminals, and actively engaging in illegal activity. MSN Live Spaces was likely chosen as the free-hosting solution for this spam because it's a Microsoft portal, so it would make these patently illegal software websites appear to have an air of legitimacy. I reported some 300 of these in the past two months. Only a very small portion of those URLs were ever shut down. (I just checked again and several dating back to January are still active.)

The point is: MSN is not doing anything about this. It's been going on for at least a full year now, and it's only getting worse. The abuse form provided to users is only going to be used by those who really want to spend a lot of time reporting one single URL. People receiving anything like the same deluge I'm seeing aren't going to bother, and of course MSN offers no bulk-reporting service whatsoever.

An obvious suggestion would be to have a quick, easy-to-click link that reports the MSN Live Spaces URL that you are currently viewing, and there you go. Done. Click on it, provide some details about why you think it's scammy, and submit. Blogger does this. Google Pages does this. Numerous types of forum software do this. MSN Live Spaces does not. Why?

Given that so far only 1% or less of my abuse reports have seen any kind of action taken; I believe it is safe to say that MSN effectively has no abuse process for this issue. As far as I'm concerned, I could block all inbound email messages featuring a "spaces.live.com" URL, and my spam would drop by at least two thirds. I know I'm not the only one thinking this, and already at least one spam blocklist has indeed flagged spaces.live.com as featuring a large amount of spammy URLs.

What will it take for MSN to address this problem? Why isn't anyone from MSN Live Spaces responding to any abuse complaints? Why has there been absolutely no modifications to their abuse form in well over a year, given that this problem has only increased?

I'd like to encourage readers of this posting to provide feedback directly to the MSN Live Spaces team, using their feedback form, especially if you, like me, are continuing to see the majority of your inbound spam messages featuring MSN Live Spaces links. This has to stop.

SiL / IKS / concerned citizen