Comments on the Malwarebytes labs blog can be well written, valuable additions to our published work, and sometimes provide additional data that we missed. These are not those. Today we’re looking at some comments we got from spammers who apparently don’t look too closely at which site they’re at before they hit "Send".
Financial email@example.com sent in the following opportunity:
got my already programmed and blanked ATM card to withdraw the maximum of $50,000 daily for a maximum of 20 days.I am so happy about this because i got mine last week and I have used it to get $100,000.Mrs Glory is giving out the card just to help the poor and needy though it is illegal but it is something nice and she is not like other scam pretending to have the blank ATM cards. And no one gets caught when using the card.get yours from her.Just send her an email On firstname.lastname@example.org
Unsurprisingly, the same text shows up on a spam blacklist coming from a Nigerian IP in September of last year. As we can see below, these sort of financial scams tend to be copy pasted for years, by more than one scammer at a time:
Russian hackers for email@example.com posted news of hackers for hire:
Suspiciously similar to the previous pitch, these guys are playing on growing public awareness of online fraud rings to aid an air of “legitimacy” to their goods. Searching on the contact email provided yields a bit more of an honest pitch:
So what’s the problem here? Firstly, real hackers tend not to advertise in places like the comments section of the Economist. Also, there’s a robust industry involved with taking money for hacking services and then disappearing. Read a little more about how using these “hacking services” worked out for others: link.
Magic firstname.lastname@example.org takes things in a weirder direction with a wizard for hire:
This one has oddly kept the same contact phone number since 2013
Almost exclusively posted from Nigeria, these listings aren’t necessarily fraudulent on their face, but often serve as an entry point for the scammer to wheedle more and more money, or gain access to the mark’s financial accounts. There’s some pretty good advice from a “real witch” here on why you shouldn’t talk to a spell caster from Nigeria: link.
The totally real Illuminatimaganasolutioncentre@gmail.com offers us the best of a bunch, an invitation to join the Illuminati:
We actually saw these two years ago here (thanks to Chris Boyd.) The gist of it is that to get your new Illuminati membership card (which you should definitely not show anyone), you need to forward some fairly detailed financial information to Nigeria and wait patiently. Probably not a great idea. This particular Illuminatus also advertises at that number for cures to HIV, herpes, and cancer, as well as winning lottery numbers for unspecified countries.
Nigerian comment spam comes in waves, but it tends to have the same theme – if you wire some money to them, they can fulfill grossly outlandish promises. Hopefully people who read deep into internet comments will remember to do so with a critical eye.