What alerted me first was the notification of a charge to my Visa card for a purchase. That’s a problem for two reasons:

• I’ve never bought anything, ever, from NewEgg.com.
• I don’t have a Visa card.

On top of that, all of the links go to a site that displays a 404 Not Found error.

The strange thing is that there’s no working link to ANY site, not even a phishing site. But this could be a simple ploy to test whether or not my email address is accurate and active.

When I contacted NewEgg.com customer service, I was told that it may have been a message sent in error from their order department.

Another possibly-suspicious factor is the return path to an Indian address.

Here’s a copy of the email message:

(*Innocent parties’ domains and names have been obscured. http://putmeonthenet.net is shown because the links are to a non-existent page on that site.)

It’s a basic phishing scam that seeks to steal your Twitter ID and related information.

As usual, the superficial giveaways are…

• Poor English — really simple mistakes in grammar, syntax and spelling.
• Easily-checked fake links — just hover your mouse over the fake Twitter link to see the REAL destination URL.
• Meaningless links — not your real Twitter user name.

Please pass this on to your friends, colleagues, family, etc who use Twitter. Share it online using the button below.

The errors in English used are more subtle in this one, but they’re there. (We don’t point them out: there’s no benefit in teaching better English to criminals trying to steal your money, your identity or your computer.)

Tell-tale signs include names in the BCC: field (valid emails never display the content of the BCC:, or BLIND Carbon Copy, field — that’s the whole point of that field, to mask the addresses), and really obvious errors in the English used. Punctuation errors, too.

As always with scams, there are basic errors in the spelling, grammar, punctuation or syntax.

Yeah… right.

In this case, it’s a straight phishing scam aimed at stealing your identity and your webmail account, wherever you have that webmail account (your workplace, Hotmail, Yahoo, etc).

The usual stuff still applies: poor English, literal spelling and really obvious grammatical mistakes, etc.

Here’s an example of the spam message:

And here’s what the attachment looks like:

Don’t be fooled. It‘s an identity theft scam. When you try to “log in”, the form content is sent to the scammer. The other links are simply there to make it appear more legitimate.

The first three lines are the only ones that matter.

How on earth do people’s computers end up being hooked into these worldwide bot networks?

Easy.

They open spam messages with attachments with no idea what they contain.

They download free games, music, videos, screensavers, etc, etc, etc with adware, spyware and other malware (including keyloggers, trojans, viruses and worms) attached or embedded. (Keyloggers record your keystrokes when entering usernames and passwords for everything from your Facebook account to your bank account, then send them to the vermin who sent them to you.)

A current crop is the “Please view my resume (or CV)” scam. Take a look at these messages we’ve received over recent weeks. They all claim to be from different people, but the messages are all the same (including misspelling “quite interested”), they contain attachments all around the same size and you open them at your peril.

We have dozens more examples.

Now we’re seeing a new twist on this scam: the Amazon shipping label variation.

The Bottom Line:

Do NOT open these messages! NEVER!

If you’re not expecting an attachment, don’t know the sender or you’re suspicious, either get in touch with the sender and confirm the contents (and if you don’t know the sender, STILL treat it suspiciously!)

Download reliable adware, spyware and malware removal software and run it regularly (at least twice a week, or daily if you work regularly with your computer). You need several applications, because they all seem to remove different kinds of malicious scripts.

Here are some reputable free software applications (Google these products if you’re not sure of download sources):

Adware and Spyware Removal

• Lavasoft Ad-Aware 2008
• Spybot Search and Destroy 1.6
• MalwareBytes Anti-Malware highly recommended
• Microsoft Windows Defender
• SuperAntiSpyware Good for removing Zlob trojan infections
• Ewido Anti-Malware
• a² (a-squared) Scanner

Preventing the Installation of Adware and Spyware

• SpywareBlaster 3.5.1
• SpywareGuard 2.2

The whole thing sounds very plausible and attractive, and I’m sure the spammer will make a lot of money from the mindless morons who take up the offer without thinking about it, other than to see dollar signs and overnight success.

WARNING!

This is a SCAM, and falling for it could cost you not only the money you pay to the spammer, but your Internet access, your PayPal account, your email service and your assets — including your home, cars and business.

How do I know it’s a scam?

Apart from long experience exposing scams and scammers, there are plenty of tell-tale warning signs and plain, common sense reasons why this is NOT legitimate. Here’s a short list of a few of them…

• Nobody but PayPal has access to that many of its account holders’ details. And certainly not legally or legitimately. If they do exist, they’ve been stolen. More likely, this is just a professional spammer (criminal!) re-branding his existing database as a list of PayPal account holders on the basis that so many people have PayPal accounts that there’s a fair chance that many of the addresses on his database are actually PayPal addresses.The one thing you CAN be 100% sure of is that PayPal has NOT provided them!
• Spammers are all thieves and liars. They lie to the recipients of their spam messages, they lie to their customers, and they lie to their prospective victims. They steal email addresses and other elements of identities, they steal bandwidth, they steal access to thousands of computers harnessed into their botnets (via trojans attached to emails, music downloads, games and other freebies — is your computer safe?).
• Spammers use false addresses to hide their identities. Take a look at this screen capture of the email message I just received… then check out the Google Map street photos of the senders alleged address.

Photos of 24052 Eucalyptus Ave, Moreno Valley, California:

The Bottom Line: Don’t deal with people offering you these kinds of deals. They WILL land you in trouble and cost you plenty.