Welcome and happy reading!

Since, like anyone else, I receive tons of scam emails and snail mail letters, I decided to present here some of these. All of these (and many more which I just delete) are scams. This means, what the senders have in mind is to racket one of us. And according to what I've seen, they do succeed quite often.

If you have similar letters in your mailbox, either disregard or play with the person knowing that you can't give him (or her) any information about:

  1. Your bank account,
  2. Your address — or any valid address if that matter,
  3. Your family, and
  4. any other information that you judge private or even intimate.

Ha! I say "Your"... even if you don't like your neighbor at all, don't give his information either. The Internet leaves tracks (hackers in the US are being caught one after another!) and you would certainly be in even bigger trouble.

In the meantime, I hope you will enjoy reading these letters as I do myself once in a while. 8-)I do not always add comments with the letters since I usually don't have time to do so, but there would often be a lot of joke to tell!



Latest Scams
  • Last update: 10/18/2016

    I thought this one scam was particularly good! As if I were under a real attack instead of the usual bullshit emails I get: very badly written, not correctly target, etc.

    In this email the user wants me to open an attachment, which would likely do nothing to my computer since I have Linux, but it is still very persuasive. Now the attachment may actually be totally safe to look at, it may just include a link to a website where they will charge my credit card and bye bye to your money!

    In any event, this is quite some progress from the usual scam.

    Return-Path: ...
  • Last update: 10/07/2015

    Pretty much all totals are computed using the exact same math on all computers... although I've see some invalid programs, I can assure you that the totals I get at Amazon are always correct. The one below was probably calculated by hand by the hacker who missed 12 cents... Just too funny!

    The tax and seller and all the other links were a big joke too, if you ask me. I have seen many links, but a short link does not take one enormous block as follows... I did not test it (I don't see the point) but such a large link, it's like it includes the whole page of data. It is not unlikely ...

  • Last update: 07/13/2015

    Interesting... So, if I follow, the guy is being kicked out for cheating, but then is afraid of losing his money because of religious reasons. Am I missing something?

    Clearly a case of money laundering, but still.

    Oh. I like the fact that he uses the verb "accede", even though he cannot spell assistance and "i" is always lowercase.

  • Last update: 02/11/2015

    I got this one today... I wonder how many people get caught by such emails!

    The important part, I found, is this:

    * PLEASE NOTE: If the verification is successful you will be transferred to the Citibank Welcome Page and you can you use account as regular. DO NOT Make any changes to your account.

    They clearly ask you not to change anything one you are really logged in your account. Which is probably a good idea, because if you give them your credentials first, logging in and changing your password will throw them off a bit!

    The other interesting aspect is the email address which includes a strange code:


    You wonder how they thought of that one... especially because most businesses will send alerts with accounts such as "noreply@my-business.com" and not some auto-generated email.

  • Last update: 01/14/2015

    This time I have to verify my identity with the IRS. Interestingly enough, I have to use a 1040 form which I suppose I sent them before. Really? What will that give me?

    The link was to a really long URL which started with irs.gov which is the true domain name of the IRS:


    Only it continued with many more sub-domain names and the real domain in that link was joyventure.net which is owned by someone in Buenos Aires, Argentina. Obviously, not the US Internet ...

  • Last update: 12/13/2014

    Got a facebook account? Maybe you'd like to get it fixed because a hacker just got in...

    The link was:


    which looks very similar to a link Facebook would send you, but really... they would NEVER use a 3rd party like that for the purpose stated here. Anyway, if you gave away your password following such a link, good luck to you!

    Return-Path: <zmjsdate1483de@idefix7.rt.cmo.de>
    X-Original-To: alexis@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 344 seconds by postgrey-1.34 at jc; Sat, ...
  • Last update: 10/28/2014

    This one surprised me today.

    LogMeIn sending me an email, that was already a surprised since I do not recall creating an account there, but the most surprising was the text in the email saying "download this certificate". Any semi-knowledgeable person would know that certificates are on servers and just work. You do not specifically download them.

    Also, as a server administrator, if it were truely a fix for Heartbleed, man! That company was S.L.O.W.

    The two URIs in the email would say one thing and be something completely different. Both would send you to a hacked WordPress ...

  • Last update: 11/22/2014
    Return-Path: <backpacf@server2.twfhosting.com>
    X-Original-To: john@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 22815 seconds by postgrey-1.34 at jc; Wed, 09 Jul 2014 00:26:52 PDT
    Received: from server2.twfhosting.com (smtp.twfhosting.com [])
    	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    	(No client certificate requested)
    	by mail.m2osw.com (Postfix) with ESMTPS id D5769CE0245
    	for <john@m2osw.com>; Wed,  9 Jul 2014 00:26:52 -0700 (PDT)
    Received: from backpacf by server2.twfhosting.com with local (Exim 4.82)
    	(envelope-from ...
  • Last update: 06/25/2014

    Ah ha! There is why these people do not want to give their real name: for political reasons!

    Good. Good.

    Return-Path: <john_izing3@outlook.com>
    X-Original-To: alexis@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 304 seconds by postgrey-1.34 at jc; Wed, 25 Jun 2014 23:17:27 PDT
    Received: from BLU004-OMC3S27.hotmail.com (blu004-omc3s27.hotmail.com [])
        (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.m2osw.com (Postfix) with ESMTPS id 1F782CE024A
        for <alexis@m2osw.com>; Wed, 25 ...
  • Last update: 04/03/2014

    Okay... I hit a record last night (Fri 20, 2006 to Sat 21, 2006): 550 emails in about 14 hours (I already had 483 in about 8 hours!)

    I'd say, wow! so many compagnies offering all of these wonderful products... But let's look a bit at the subject of these 550 emails... First of all, I do a "cat 550.txt | sort -u | wc" and I get 309. That means 241 emails are duplicates. Who would want to do that?! Total idiots? Certainly. Imagine that I send you 242 times the exact same email. How stupid would you think I am to do such a thing? And yet, if these people continue to send the ...