Useful information, interesting links, and much more.
You are visiting  
Please choose a

Use the menu to view your

Choose an article with these menus. To return to your last choices use your browser's BACK button.
Special Links
American Patriotism
Short Cut Menu
God Bless America
 
Home Page

Click Picks
Internet & Security
Loading

   • Enter search text below.
   • Press the "Search" button.
   • Click "X" to return here.

14. You Have Won!

You might suspect a letter telling you had won millions of dollars. How about a few hundred dollars?

Next Page
See also

Most of us would probably ignore a piece of junk mail telling us that we had won millions of dollars in the lottery, especially if we don't play the lottery. This clever spam scam was designed to pre-condition your acceptance of just such a message.

What is especially clever is that the "grabber" in this scam is not a chance at millions of dollars, but only a few hundred dollars. Thus, you may be tempted to let your guard down this one time because everything seems so reasonable. Besides, the letter came from someone you trust.

Many thanks to "Sam", who has a forum on Delphi, for leading us to this scam. You can follow the thread on Delphi.
http://forums.delphiforums.com/spamwarehouse/messages?msg=585.1

 
 

This is a rather convincing letter, except for a few glaring issues. Most of us would probably accept that Yahoo! had embarked on some new venture and promptly forget about it. Well, mostly forget about it.

The style is a little rough but it is not nearly as bad as some we have seen. But note these subtleties:

  • In "Yahoo! Lottery, the word Lottery is in green. That is an eye catcher and good form.
  • The ® symbol between Yahoo! and Lottery is colored green, not red or orange like the Yahoo! name.
  • The grabber line, "Next winner could be you" flows from the prior text. One might expect this to appear entirely on a new line.
  • The text after "Lottery" does not revert to orange as might be expected: Yahoo!® Lottery Affiliate.

Apart from the choppy language, there are some subtle problems with this letter. But overall, this scammer did a rather credible job.

Text of e-Mail
Comments
You receive this e-mail because now you are a member of Yahoo! Lottery. You have received this letter because you are now a member of the Yahoo! Lottery.
Last week, your e-mail service provider registered as a Yahoo! Lottery Affiliate. Today, the registration has been approved, ...

Why do we care what the registration process was and why isn't the e-mail provider mentioned by name?

One would expect their provider to make this notification as a means of introduction to the other company. This is backwards.

...so now all the new members can win cash prizes from Yahoo! Lottery. Next winner could be you! This language is very choppy, especially the "tag line". How about, "The next winner could be you!"

The closing is the clever part of the scam. It offers a possible prize without asking anything in return. It is rather innocuous. There is one little catch, though, and it is subtle.

Every week, Yahoo! Lottery gives members random cash prizes. You will receive an e-mail notification if you are the winner. Good luck!

In a lottery the players buy chances. The winnings are distributed based on a random drawing of lots, hence the name. Lottery winnings are not prizes; they are part of the pot of money provided by all players being paid to some of the players.

Most of us will admit that our chances of winning the lottery are amazingly slim, yet we still hold out hope that we will be that one exception to the rule. So the enticement of a free lottery prize inspires a little greed in us.

In this case you have bought nothing and therefore you are not entitled to any winnings. Perhaps a better term for this scam would be a sweepstakes, which does not require a purchase and which does issue prizes. But a sweepstakes win seems far less attainable than the lottery. It can take months or years to win a sweepstakes, whereas a lottery is run daily or weekly and thus can generate quite a bit of excitement.

So where does all of this lead? Let's see what arrives in your mailbox in a few weeks, now that you have been pre-conditioned to expect it. This is really very clever.

 
 

Here it is! You have just won $300. Most of us don't expect to win much of anything in the lottery so this is a pleasant surprise. Best of all, it is free!

Or is it?

To receive your winnings you must click on a rather lengthy link, which is to an unsecured HTTP site. Rather than send you a check, Yahoo! Lottery is going to credit your on-line account, assuming you have one. That makes sense, since there is not a lot of money involved, right?

We think not. We have a few observations;

  • If there are only 12 winners, why do you have to visit an address of that length.
  • The letter does not mention the recipient's name or lottery ID.
  • The letter does not provide a means of authentication on the Website, i.e., an ID and password.
  • This is an interesting lottery in that there is no cost to play, there are only 12 winners, and $300 is one of the top prizes.

Even if you were to go to a secure HTTPS site there is no guarantee where you will really wind up. As you may have read in some of our other articles, it is rather easy to "overlay" a phony Web page onto someone else's page.

A quick test for an overlay is to click on one of the regular links on the page and then try to return to the suspected page. If you can't get there the page may be an overlay. Of course, the chances are also good that the scammers will solve that problem so beware!

So, in your haste to pick up your $300 you may willingly divulge your user name and password to strangers. Once they have full access to your on-line payment account, i.e., PayPal, there is no stopping them from doing whatever they like.

By the way, in your haste to collect your money, did you ever check to see if Yahoo! really has a lottery?

They don't.


Next Page
See also

08/21/05
   
www.Eagle-Wing.Net