Get Rich Quick Scam Forges Genuine News Agencies Web Pages
Gmail Spam
I recently received two emails from a friend’s old Hotmail account, but to two of my email addresses.
Email Spam
Probably, the account has been hacked as I could detect no spoofing in the emails’ headers. These are the emails, with the email addresses blacked out.
Initial Email Investigations
The text is similar in that they try to entice a user using pretty poor English to click on the shortened URL links, which are active.
Here’s how the links work:
To my Email address;
cbsbusiness9
I had http://goo.gl/yKvD3 which then goes to
http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/
To my GMail address;
cbsnews-article
I had http://goo.gl/UK5jj which then goes to
http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/
The screenshots show the results using a neat Firefox plugin, Flagfox, which displays the source IP address and country on mouse-over.
The WHOIS’s of each domain are almost identical. These are screenshots.
That Arthor Brown’s a one, eh? Notice the Ukrainian, Russian and New York connections? Who is/are or what is:
TNew line ave 172 95
NY, 18274
UNITED STATES
+1.7343541732
Google Search on +1.7343541732
Googling the phone number pulls out a heap of (not)surprises including an awful cesspit of scamminess that’s now starting to rival Pacific Webworks’ Google Treasure Chest and Jesse Willms’ Colon cleansing efforts! (We saw these scams a few years back – check the links)
Just check out the fake news and dodgy sounding sites in the search results…. These are the first couple of pages of current search results:
- Com-news8.net
- Bcnews8.com
- Dildobigg.com
- Raspberry-Ketone24.com
- BigGgEts.com
- HurtGuys.com
- GrowsPeniss.com
- HugerAss.com
- Com-news9.net
- Com-nbcnews9.net
- coloncleanse-extreme.com
- nbc9news.com
- nbc1news.com
Arthor Brown is in most of them with his Yahoo! email address as [email protected] Please don’t confuse him with this Arthur Brown, but yes, handle all of these websites like Fire!
Forged Webpages of The Guardian Newspaper
cbsnews-article.com screen capture 2012-12-12-16-3-51
cbsbusiness9.com screen capture 2012-12-12-16-3-23
The Guardian, is an old and respected news organisation in the UK. CBS is a long-established US media network.
They, and the purported author of both webpages, Sirena Bergman, must be pretty pissed off about the hijacking of their names.
Also to be annoyed, is Lloyds TSB Bank who apparently are “in association” with this get rich quick scheme for work at home moms!
Completely Forged News Articles!
Indeed they are.
- The articles are dated “December, 11:41″, which is odd since there’s no day, just month and time!
- Both articles are embedded in genuine Guardian web-pages, with all the links surrounding the article going to genuine Guardian web-pages or genuine advertiser websites!
- The hook links in both forged webpages go to http://workinghome22.com/go.php
The forgery is done in the same manner as the well-known phishing scams done for banks and on-line finance and insurance.
Apart from the images sourced from The Guardian, the scammer’s images are sourced from:
- ddmcdn.com which is HowStuffWorks.com!
- localconsumeralerts.com
- prosperadtracker.com
- ophan.co.uk
So, Who Is workinghome22.com
Bad Gateway
The first link was dead, opening a bad gateway so the expected redirect didn’t work. The tracking pointed back to Ireland!
Bad Gateway
The second link worked, but the sweetly named workingfromhome22.com wasn’t the destination. No, the link immediate re-directed to http://onlineincnow.com/2/?aff_sub=72
Well, at least the affiliate number 72 is getting paid….
But hang on, who exactly is workingfromhome22.com?
workinghome22.com screen capture 2012-12-12-16-31-44
Well, typing the URL directly takes me to workingfromhome22.com! This is it!
Cunningly, you’ll note that it’s pulled out my home-town as Bournemouth (where I live) with that awful “mom” Americanism! No-one in the UK addresses their mother as mom… I mean, FFS?
The webpage links, containing the disreputably used graphics of Thomson, Reuters, CNBC and NBC Universal all point to http://workinghome22.com/go.php, which is of course in this domain. So let’s click it, shall we?
Well, pctrck.com is trying to load, but not much else.
Reversing then trying to exit workinghome22.com produces a pop-up of dubious functionality! Check the words – there’s no cancel button!
workinghoome22_Popup
I did however manage to successfully close this page following that. Whew!
Now Back to onlineincnow.com
OnlineIncNow Location
The previously mentioned http://onlineincnow.com/2/?aff_sub=72 is located in the USA.
So What Is It Up To?
OnlineIncNow.com Whois Record
Good Question! A WHOIS puts the registrant in China with the DNS servers in Russia!
As I mentioned earlier, the similarity of the scamminess of this thing is just like the Google Treasure Chest/ Google Money Tree / PWW scams of old.
The site is plastered with the logos of well known businesses to ad an air of authenticity to things (just as the original hook sites used The Guardian Newspaper and CBS in the same way) yet at the bottom of the page they disingenuously ad:
This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by NBCNEWS, ABC, USA Today, CNN or Fox News, nor have they been reviewed tested or certified by NBCNEWS, ABC, USA Today, CNN or Fox News.
onlineincnow.com T&C Screenshot
Despite all this, it is of course bollox set to deceive. In fact, it now appears that it’s the well known negative option scam, used by Pacific Webworks (PWW) and Jesse Willms to good effect until they were found out.
Let’s see how this pans out, shall we?…..
Check out the T&C page from the tiny link in the page footer – screenshot on the right.
- They say that the applicable law is the State of Florida.
- You will become a “member” and the key phrases are here:
You must register as a “Member” with Online Income Now to access certain functions of the website. You must provide current, complete and accurate information about yourself (the “Registration Data”) when registering as a Member. You agree that such information is truthful and complete. You agree to maintain and keep your Registration Data current and to update your Registration Data as soon as it changes. You are responsible for maintaining the security of your password. Online Income Now is not liable for any loss that you suffer through the use of your password by others. You agree to notify Online Income Now immediately of any unauthorized use of your account or other breach of security known to you. You also, by becoming a Member, agree to report violations of these Terms and Conditions by others to Online Income Now.
For a limited time only, the cost of this product is $97.00 ( usual price $299.95 ) and every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.
MATERIALS PROVIDED TO Online Income Now OR POSTED AT ANY Online Income Now’s WEB SITE
Online Income Now does not claim ownership of the materials you provide to Online Income Now (including feedback and suggestions) or post, upload, input or submit to any Online Income Now Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Online Income Now, its affiliated companies and necessary sublicensees, permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.
You’ll see that “Online Income Now” will:
- make you a “member” (of what?)
- and you will be regularly billed, (why?)
- and that for anything you post, upload etc (wah? whadya mean? Where is this uploading?), “Online Income Now” will take no responsibility for what you do!
…………….which is curious as you don’t know what you’ll be doing and they have invited you to do it in the first place!!!
Now Lets Click The Link! Follow that Opportunity!
2 Spots Left!
Amazingly (sarcasm alert) there are two “spots” left in my area! This is the page… http://onlineincnow.com/2/index2.php
Michelle Johnson is the “guru” who will tell me everything! So what do I do? I have two options:
- Back out
- Sign up
Let’s Try Backing Out, Shall We?
Cannot Backout From OnlineIncNow 2
Cannot Backout From OnlineIncNow
Well of course, they won’t let me. It takes two goes to get out and the first one completely takes over the browser! Bad. This is B.A.D.
Ah, well. Finally escaped.
Let’s Try Clicking to the Signup Page, Shall We?
secure.onlineincnow.com Data Entry Screen
I decide on my name, “Jobless Jake” and a random phone number…. The website is now https://secure.onlineincnow.com/2/cc_97.php
What I see is bad, really bad, and any attempt by this pack of jokers at saying they don’t run a negative option scam is now revealed on this sign-up page!
The scam is now revealed for what it is – a negative option scam! Read it carefully….. They expressly say;
By enrolling, you will be charged a one-time fee of $97.00
In teeny-tiny letters, note!
But remember, right back buried in the T&C’s they say;
every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.
This is expressly against the FTC code and laws in most countries. If any extra charges are to be levied for any service or goods, they should be expressly stated on the sign-up page where the customer first enters their financial details.
Gotcha! You Bastards!
Okay, I’ve Had Enough of This. I’m Off!
“Not so fast, young Jobless Jake”, say onlineincnow.com……!
Cannot Backout From OnlineIncNow 3
They’ve an extra 20% off plus and extra bit of webpage-erese! The screenshot says it all, though it wasn’t the end of it. I had one more “Leave Page” option like the earlier one above.
Conclusion
Negative Options are banned by law in most countries. If you get collared by one, you’ll have a job stopping the bastards taking money from your account for ages. The only sure way to stop this once you’ve been sucked in is through….
- Chargebacks. Get your bank or card company to get a charge-back saying the terms of trade or purchase were hidden (as seen in my screenshot above).
So………………….
- It’s a scam.
- Stay away from it.
Related articles
Akismet and Jetpack Issues, Stop Spammers and CloudFlare Save the Day
Posted in Technology Tags:Akismet , Alternative , Australia , Cache , CDN , Comment Spam , Copyright , DANIEL , Database , DNS , Domain , EVERYTHING , experience , functionality , gallery , godaddy , good , GOOGLE , GREAT , hell , Internet , IrfanView , Jeff , LAMP , LOVE , malware , management , MEDIUM , Microsoft , performance , Plugin , PLUGINS , POST , Protection , REAL , registration , RELATED , RESEARCH , sabre , screenshot , Security , SEO , SERVICE , site management , social networking , Spam , speed , statistics , Super Cache , tandem , Test , Texas , TRAFFIC , trial , truth , UK , VIDEO , WARNING , WARNINGS , Wassup , WikiLeaks , WordPress , WP , YARPP
My Web Host Penalised Me Yet Helped Speed Up My Site
Introduction
shared web hosting
This site used to be hosted on Site5, in Texas. I had a shared web host account, about the cheapest there is on Site5 though by no means the cheapest around (I’ve had experience of really cheap hosts….). It worked alright, site management was good. Then, I got hit by spammers. Twice. Big time.
Each time, this slowed the site down, made life hell for other shared accounts, especially when I introduced WordPress plugins to counter this.
Naturally, Site5 advised me to stop the hits or they’d pull my account (they’d already temporarily disabled it). They advised me to cut the plugins, using GoDaddy’s plugin testing tool, WordPress Plugin Performance Profiler (P3). So I did this, and after some trial and error, got the running processes down. Of course, I lost a bit of neat functionality.
Testing Times
Apart from internal WordPress testing, it pays to test your site as if you are someone else somewhere else. Pingdom have a set of tools that does just this, testing from various global locations and I can recommend it.
Result!
I used an iterative approach, testing various combinations of plugins and systems to end up as being in the top 8% sites for speed in the world! Not bad for free is all I can say! You’ll see in the screenshot above, that 92% of websites are slower than mine…. So is it really free? Here goes…..
Paid For:
Free:
Pingdom Says
Automattic Issues
WordPress (which this site uses) is built by the Automattic team and naturally have expanded over time. I’ve used their plugins for many years, Akismet from the off, which is a comment spam blocking system. Latterly, they came out with Jetpack, where they say,
P3 Selected Output
This is all well and good, except when I tested it using the P3 plugin profiler, Jetpack was the biggest drag on everything! The worst part of it, was that actually, I was only using a small part of its features and it was still the biggest suck on performance.
So much for the awesome cloud power. On top of this, you’re now supposed to pay for parts of Automattic’s offerings, like Akismet, the comment spam blocker while a major offering of theirs was actually slowing my site right up!
What Did I do?
Change host!
Well not initially, actually, though the heavy-handed Site5 approach got my ire a bit I must admit. I did do loads of tests with a host of caching, anti-spam and page load improvement plugins first…
Vidahost
I now use Vidahost in the UK. The site is faster to manage (along with my others) since the servers are in the UK with me, and it’s cheaper, providing almost the same functionality and tools as Site 5. I took the opportunity to clean out a few dead files in the process, but essentially, all was moved, database and files. The lot. Just twiddled config.php and the .htaccess file a bit.
I did worry that my American visitors, who are actually in the majority, would suffer slower speed and thus I’d get hit in Google rankings, but hey, wait for later…!
I got it all working and as part of the whole “thinking” process since the very first warnings from Site 5, I’d been looking for better things.
Looking at Things Closely
So I like certain plugins or functionality. I try and use the one that works best for me. Too many plugins make a big hit on the server and thus website loading.
Caching
A way round this is caching. e.g. If a post is created and has related posts clagged on the bottom using YARPP, then the post is cached and YARRP is only running once. How and where the caching is done is the crux of the issue…
Site 5 suggested W3 Total Cache as a better alternative to Wp Super Cache, which I’ve used for years. Naturally, I’ve tested this and my conclusion was that it could be fast, and it was fast for a while, but over time on each of my sites I got issues around lock-ups and the huge and complex caching system around files, databases and sprites. This list is long.
I’ve also tested various database query caching plugins likewise over the years. W3 Total Cache incorporates this method too, but ultimately, it made too much work for not a lot of difference IMHO, since I’m lazy.
However, it did point me to one thing! CloudFlare.
CloudFlare
CloudFlare Admin1
Ah. The power of the cloud is back!
Not only that – it works!
CloudFlare Admin2
You re-direct your DNS at your domain registrar (joker.com in my case) to CloudFlare’s DNS servers, set up the site malware protection level you want – then after a few hours your whole site is cached and protected. Best of all, it’s free for a little site like this!
In fact, using CloudFlare speeded everything up even before I got caching going again…
Further Plugin Work
Now, I went back to Wp Super Cache from Doncha and it all works fine. Site speed good. I then ditched Jetpack after testing it again. It really does interfere with all comment plugins, and I really like this comment one as do people who comment here:
It works great and does everything I want. So Jetpack, it’s bye bye. Take all your fancy commenting system, your stats, your social media and fancy image handling.
But What About Comment Spam?
Stop Spammer Results2
Stop Spammer Results1
I’ve found the best solution is a plugin called Stop Spammer Registrations Plugin. It needed a bit of fine tuning and a re-activation of Akismet to whip out a few wisps of spammer, but it works and seems to trap and report more spammers than ever Akismet did alone. Akismet, by itself, does the commenting bit in tandem with the plugin, rather well.
Registration Spam
SABRE Results
Unfortunately, during testing, a few unwanted visitors managed to register on the website. They can’t do real harm since I use the lowest role level at registration time. So I re-enabled SABRE and since then, no more unwanted visitors. I’ve tested SABRE as a visitor and the settings I’ve chosen are just about right – I’ve had issues with it previously when it blocked registration! But reducing the feature set and re-uploading a clean plugin fixes that.
CloudFlare and the CDN Issue
I toyed around getting a CDN to host images. But they (can) cost and anyway, I’ve gone off Amazon and others because of their anti-Wikileaks actions plus they don’t pay UK tax…
Delayed Image Loading
However, in the course of my reading, I found that images can be loaded just as the page comes into view, which speeds up page loading, and as a consequence the perceived nippiness of a site. The plugin BJ Lazy Load does this for me and works brilliantly. Check this last post about Australia which has a lot of medium sized images to see them pop into view!
Delayed Javascript Loading
I use two plugins that handle this end of the issue around JavaScript.
Statistics
WP SlimStat1
Well, Jetpack is gone. I won’t be using it unless some serious improvements are made, it being the prime reason for the server load that brought me to this position in the first place. As soon as I disabled it (and simultaneously blocked all comments to the site, which isn’t the best thing, this being a blog after all), all server loads went away.
I now use SlimStat and it works very well. I’ve tried many over time, including Google’s analysis tools, my webhost’s stats tools, Wassup and more, but for now, this is it.
Conclusion
My site works pretty fast and is pretty protected from the bad guys. I actually still use more plugins than what is usually recommended – 50 is a huge lot according to web gurus and sages. Currently there are 31 in active operation with 8 inactivated. I love trying new ones, it’s like that, that’s just the way it is.
The delayed image loading is particularly apparent on a post with a lot of images, say this recent one. The post loads fast and you see the first images load, and as you scroll down you’ll see other images appear with a slight delay.
All the other stuff is incremental improvement, with the biggest, by far, being the free CloudFlare service which I cannot recommend highly enough. It’s a no-brainer, go and do it?
My Full List?
These are the plugins currently running that help my site work. Many are for security, which demonstrates the state of play versus the bad internet guys full well.
Related posts:
For no reason …other than a try-out and also the current anti-spam plugins miss the odd bit of comment spam, I’ve now switched off TanTanNoodles’ Spam filter and am giving WP-SpamFree another try plus another plugin, AVH. I’ve left Akismet running regardless. WP-SpamFree This now promises a lot, so it’s worth another shot. Two years...
Introduction I’m a born twiddler. Even though something works quite happily, I’ll try something else. So it was yesterday. In an effort to improve the ‘user experience’ and promote a bit of feedback on this website, I’ve been twiddling with various plugins. Caching for Speed Some time ago I changed caching methods from Donncha’s WP...