Security Corner

Mar 12 2011   12:37AM GMT

Anatomy of An Email Scam?



Posted by: Ken Harthun
Tags:
E-mail scam
Online Scams
Phishing

Got this email a couple of days ago. I was going to delete it, but somehow it looked legitimate:

I'm interested in purchasing kennyhart.com.
I'd likely be able to pay in the $200 - $700 range for it.
Let me know whether or not you are open to hearing a formal offer.

Now, that seemed right in the range of what I know the domain is probably worth, so I answered the email:

Sure. I was thinking about flipping it and my website.
Let me know what  you have in mind.

To which I received this reply back:

Thanks for getting back to me.
I can offer you $xxx for KennyHart.com  and all associated content.
Let me know if you are interested and we  can get the ball rolling 
on the transfer.

I wrote back and told him I was up for it. The offer was a fair one and I was ready to accept it. He wrote back with this:

Great.  The easiest way to send the payment will be paypal.  Do you
have a paypal account?

Something felt a little odd that this was going so quickly and way too easy, but since I have PayPal locked down with 2-factor authentication, I wasn’t too worried about getting hacked. Still, I had to ask a simple question, so I replied with this:

I have PayPal. The PayPal email address is xxx@xxx.net.

Please clarify what you mean by "all associated content."
I assume you mean the content at Ask the Geek and Singing Songwriter web sites.
The writer website has no content at this time and copyright for my original
music is not subject to transfer, as I do not own 100% of the songs.

No reply. No payment. Nothing. It just stopped dead. As it stands right now, I believe it’s possible that I was targeted with a manual phishing attempt. It’s either that, or he decided my terms were a deal killer. Like I said, it appeared to be legitimate. He does have a website posted that solicits people to sell him their sites.

What could someone do with my PayPal email address? Attempt a brute force attack on my password, that’s what. Though that would never work because of the 2-factor requirement.

I’ll probably never know.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: