in

Oh, you won an award? Don't click that vanity scam spam link

webspherepower-magazine-best-of-rocky-hill-awards-davidgewirtzgmail-com-gmail-2020-03-08-18-46-54.jpg

The more things change, the more they stay the same. The vanity award scam is one such thing. You may have heard of Who’s Who. The original Who’s Who was published back in 1849 and is still being published. It’s currently in its 172nd edition. As it was created, and as the official publication still exists, it chronicled prominent British citizens on a yearly basis.

Unfortunately, the term “who’s who” has been in the public domain for years. Because of its availability, numerous other publishers launched their own Who’s Who titles. Some of these were even legitimately published bound documents containing listings of presumably prominent individuals in whatever field whichever Who’s Who publication was about (i.e., Who’s Who in Medicine, Who’s Who in Toledo, Who’s Who in Low Carb Baking, and Who’s Who in ZDNet Readers).

What characterized nearly all of these was the pay-for-play demand. If you wanted to be included in the given Who’s Who directory, you had to pay for the privilege. Back before the internet, these scams were promoted via direct mail. Hundreds of thousands of offers were sent out, and some percentage bit. In most cases, the promoters did actually produce a document that the purchaser could show off. It was somewhat self-fulfilling: a buyer gained dubious bragging rights and the publisher made money.

Of course, back then, each offer sent out cost money for printing and postage. The scope of the offer (or scam, depending on how you look at it) was based on how many pieces of correspondence the promoter could afford to print and mail.

Anatomy of a poorly-executed scam

Now there are no such limits, which brings me to today’s laughable promotion. Someone sent me the spam shown at the top of this article. They clearly bought or acquired a list that did accurately connect some details to me: I did publish WebSpherePower Magazine and I did have an office in Rocky Hill, NJ. Except…

… I last worked in Rocky Hill in 2001. That’s a 19 year old reference. I left New Jersey in 2005 and moved to Florida. I left Florida in 2017 and moved to Oregon. I also stopped publishing WebSpherePower in 2014, a full six years ago.

The idea that WebSpherePower (which the scammer spelled as “Webspherepower”) would get a Best of Rocky Hill award in the “category of Media & Entertainment” is silly. Rocky Hill is only about one square mile. I think we were probably the only “media & entertainment” company in Rocky Hill at the time.

My first action, after chuckling, was to check the call-to-action URLs. I wanted to see if the visible URLs were hiding another URL underneath. HTML lets you label a URL, and spammers often use a fake URL as the label for a link that points to a much more dangerous URL. In the email above, the URLs were not hiding another URL.

But, as it turns out, a WHOIS check showed that the domain name in the call-to-action was registered at the end of January, just a little over 30 days ago. Newly registered domain names are often a hallmark of scammers.

whois-search-results-2020-03-08-18-41-25.jpg

whois-search-results-2020-03-08-18-41-25.jpg

So here’s what we have. Some bad actor apparently acquired a list with a 20 year old geographic profile and a six year old professional profile. If I were to have clicked on the link, I would undoubtedly have been offered the opportunity to pay a fee to collect my “award.”

Vanity award scams

This kind of scam is called a “vanity award” scam. According to the Better Business Bureau, these award scams have been on the rise over the past few months. BBB says these awards are often “sold” for a few hundred bucks.

Here’s the thing: if you are legitimately getting an award for something, you’re not going to be asked to foot the bill. Let’s be clear here. This is different from sponsoring an event. If you’re actively involved in your local community and you want to pay to sponsor an event and get your company’s name in lights, that’s one thing. But these awards are offered by unknown entities and have no connection with your community.

If you are presented with an email offering you an award, it goes without saying that you should ignore it. If you want, you can also report it to the BBB at the link here. You can also make a complaint with the Federal Trade Commission at FTC.gov/complaint.

Look, you already know you’re an awesome person. You don’t need to give in to vanity or ego and pay some crook for the privilege of getting to call yourself important. You are all already very special to me, too special for me to let you lose money and support criminals.

Have you been hit up with any scammy scams? If you were to award yourself one very special award, what would it be? Share with us in the comments below.


You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.


Source: Information Technologies - zdnet.com

Phishing: Google just made it easier to use 2FA to secure your accounts

Passwords belong in time capsules, not IT ecosystems