Welcome and happy reading!

Since, like anyone else, I receive tons of scam emails and snail mail letters, I decided to present some of them here. All of these (and many more which I just delete) are scams. This means that what the senders have in mind is to swindle one of us. And from what I've seen, they succeed quite often.

If you have similar letters in your mailbox, either disregard them or play with the person, knowing that you can't give him (or her) any information about:

  1. Your bank account,
  2. Your address — or any valid address for that matter,
  3. Your family, and
  4. any other information that you judge private or even intimate.

Ha! I say "Your"... even if you don't like your neighbor at all, don't give his information either. The Internet leaves tracks (hackers in the US are being caught one after another!) and you would certainly be in even bigger trouble.

In the meantime, I hope you will enjoy reading these letters as I do myself once in a while. 8-) I do not always add comments to the letters since I usually don't have time to do so, but there would often be a lot of jokes to tell!

Soap Bubbles


Latest Scams
  • Last update: 07/06/2017

    I got this one today... I wonder how many people get caught by such emails!

    The important part, I found, is this:

    * PLEASE NOTE: If the verification is successful you will be transferred to the Citibank Welcome Page and you can you use account as regular. DO NOT Make any changes to your account.

    They clearly ask you not to change anything once you are really logged in to your account. Which is probably a good idea, because if you give them your credentials first, logging in and changing your password will throw them off a bit!

    The other interesting aspect is the email address which includes a strange code:


    You wonder how they thought of that one... especially because most businesses will send alerts with accounts such as "noreply@my-business.com" and not some auto-generated email.

  • Last update: 01/14/2015

    This time I have to verify my identity with the IRS. Interestingly enough, I have to use a 1040 form which I suppose I sent them before. Really? What will that give me?

    The link was to a really long URL which started with irs.gov which is the true domain name of the IRS:


    Only it continued with many more sub-domain names and the real domain in that link was joyventure.net which is owned by someone in Buenos Aires, Argentina. Obviously, not the US Internet ...

  • Last update: 12/13/2014

    Got a Facebook account? Maybe you'd like to get it fixed because a hacker just got in...

    The link was:


    which looks very similar to a link Facebook would send you, but really... they would NEVER use a 3rd party like that for the purpose stated here. Anyway, if you gave away your password following such a link, good luck to you!

    Return-Path: <zmjsdate1483de@idefix7.rt.cmo.de>
    X-Original-To: alexis@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 344 seconds by postgrey-1.34 at jc; Sat, ...

  • Last update: 10/28/2014

    This one surprised me today.

    LogMeIn sending me an email was already a surprise, since I do not recall creating an account there, but the most surprising part was the text in the email saying "download this certificate". Any semi-knowledgeable person would know that certificates are on servers and just work. You do not specifically download them.

    Also, as a server administrator, if it were truly a fix for Heartbleed, man! That company was S.L.O.W.

    The two URIs in the email would say one thing and be something completely different. Both would send you to a hacked WordPress ...

  • Last update: 11/22/2014

    Return-Path: <backpacf@server2.twfhosting.com>
    X-Original-To: john@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 22815 seconds by postgrey-1.34 at jc; Wed, 09 Jul 2014 00:26:52 PDT
    Received: from server2.twfhosting.com (smtp.twfhosting.com [])
    	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    	(No client certificate requested)
    	by mail.m2osw.com (Postfix) with ESMTPS id D5769CE0245
    	for <john@m2osw.com>; Wed,  9 Jul 2014 00:26:52 -0700 (PDT)
    Received: from backpacf by server2.twfhosting.com with local (Exim 4.82)
    	(envelope-from ...

  • Last update: 06/25/2014

    Ah ha! There is why these people do not want to give their real name: for political reasons!

    Good. Good.

    Return-Path: <john_izing3@outlook.com>
    X-Original-To: alexis@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 304 seconds by postgrey-1.34 at jc; Wed, 25 Jun 2014 23:17:27 PDT
    Received: from BLU004-OMC3S27.hotmail.com (blu004-omc3s27.hotmail.com [])
        (using TLSv1.2 with cipher AES128-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.m2osw.com (Postfix) with ESMTPS id 1F782CE024A
        for <alexis@m2osw.com>; Wed, 25 ...

  • Last update: 04/03/2014

    Okay... I hit a record last night (Fri 20, 2006 to Sat 21, 2006): 550 emails in about 14 hours (I already had 483 in about 8 hours!)

    I'd say, wow! So many companies offering all of these wonderful products... But let's look a bit at the subjects of these 550 emails... First of all, I do a "cat 550.txt | sort -u | wc" and I get 309. That means 241 emails are duplicates. Who would want to do that?! Total idiots? Certainly. Imagine that I send you 242 times the exact same email. How stupid would you think I am to do such a thing? And yet, if these people continue to send the ...

  • Last update: 04/03/2014

    Another letter brought to you by unscrupulous people... This one arrived in my mailbox. The standard one. You know... the one next to the house. It's also called SnailMail. I won't add too many comments; there is another such letter I received which includes quite a few comments (See LVAAP).

  • Last update: 11/24/2014

    Wow! I'm not too sure I understand what happened at CapitalOne here!? I got the page presented at the bottom for a little while and now it seems to work just fine (I get what I assume would be the regular login screen.) It could be that they were protecting their users from different bad emails going around (like this one.) This is still really weird!

    Okay, usually, I don't mind too much what businesses do... but now that's becoming really really really bad!!!

    I suppose Banks are not listening to what is happening in the world and thus they have to do the contrary of what ...

  • Last update: 03/30/2014

    Not too sure what people can do with access to NetSpend since, as far as I can tell, they would not transfer money from your NetSpend account to someone "random". But maybe the person can enter himself or herself as a company which is to be paid some money and just send a check... which means we'll know his/her address. And if it's overseas, it's quite unlikely that it will work. The other thing would be identity theft... Anyway, hopefully they don't show the SSN of their users anywhere!

    Received:		from snap.turnwatcher.com
    			by substitute with [XMail 1.22 ESMTP ...