Email sent to website owners claims to be an enquiry about buying links on the targeted website (Full commentary below).
Examples:(Received, February 2008)
Subject: Website Advertising Enquiry
My name is Edward Johnson and I am looking to buy links from good websites as yours (hoax-slayer.com). I will be glad if I can have a text link or a text box 120×60 or 125×125 on your site. Please advise what what will be the price for each of these ads, if it is placed:
1. On your homepage only
2. On all site pages
I will be very thankful to you if you take into consideration my requrest.
Subject: Website Partnership Enquiry
Browsing on the Internet I came upon your website (hoax-slayer.com ) and I find it very interesting and useful.
My name is Daniel Lee and the reason I am contacting you is my interest in purchasing advertising spot on your site. I will be very thankful if you tell me how much a text link or banner 120×60 / 125×125 on your home page or all pages will cost.
Thank you in advance!
Internet criminals have taken a somewhat unusual approach in the above scam emails by specifically targeting a particular group, namely website owners. The email purports to be an enquiry about the cost of buying text advertisements on the targeted website and asks the recipient to reply with the requested information.
Because the message is seemingly personalized in that it includes the web address of the targeted website, some website owners might be convinced that the request is legitimate. In fact, I initially believed that the first request I received was genuine. I regularly receive quite legitimate requests for advertising rates that are not dissimilar to these examples. However, my suspicions were very soon aroused after I received multiple copies of the same enquiry apparently signed by different individuals. While several were supposedly from one “Edward Johnson” as in the first example above, other identical messages were signed by “Jason Miller”, “Daniel Lee” and others. Also, some variations of the messages began arriving with slightly different text and subject lines (see second example above).
Moreover, the header information in the emails did not match the supposed senders of the message. The header anomalies suggested that sender addresses had been spoofed and the message may have been sent via zombie computers operating as part of a bot network.
In reality, the supposed enquiries are just rather clever variations of the long-running overpayment scam. If a website owner falls for the ruse by replying with advertising rates, the scammer will ostensibly “agree” to the price and send a cheque. However, the cheque will be for considerably more than the agreed price. The scammer will claim that the extra amount is to cover some third party debt and ask that the victim electronically wire the excess funds to a specified address. Alternatively, the scammer may claim that the overpayment was accidental and request that the victim wire the excess amount back to him as soon as possible.
Unfortunately for the victim, although the cheque may seemingly clear, the bank will later discover that it was stolen. By then the victim may have wired off the excess funds to the criminals responsible. The scheme is a method of laundering the proceeds of crime and will ultimately leave the victim out of pocket and possibly in legal trouble for receiving stolen cheques.
There are many variants of the same basic scam. Similar scams target those offering many kinds of different products and services online.