Welcome and happy reading!

Since, like anyone else, I receive tons of scam emails and snail mail letters, I decided to present some of them here. All of these (and many more which I just delete) are scams. This means that what the senders have in mind is to swindle one of us. And according to what I've seen, they succeed quite often.

If you have similar letters in your mailbox, either disregard them or play with the person, knowing that you can't give him (or her) any information about:

  1. Your bank account,
  2. Your address — or any valid address for that matter,
  3. Your family, and
  4. any other information that you judge private or even intimate.

Ha! I say "Your"... even if you don't like your neighbor at all, don't give his information either. The Internet leaves tracks (hackers in the US are being caught one after another!) and you would certainly be in even bigger trouble.

In the meantime, I hope you will enjoy reading these letters as I do myself once in a while. 8-) I do not always add comments with the letters since I usually don't have time to do so, but there would often be a lot of jokes to tell!

Soap Bubbles


Latest Scams
  • Last update: 08/03/2017

    So... I'm in Real Estate now and here is a nice letter I received today. It's supposed to be legalese, which I'm sure some people would take to the letter. It's really badly written though!

    Oh and the point of this email is to send you to an account on DropBox where there is a zip file for you to download. I would imagine that this zip file has some kind of virus (trojan) which is the fun part, right?


    X-Original-To: alexis@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 450 ...
  • Last update: 07/17/2017

    Now I'm a rich actor! I'll be making $160,000 for this movie as they put my picture on it. Ain't that beautiful?!

    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    Return-Path: <SRS0+0Pqu=6V=ron.mil.pl=m.piaskowska@m2osw.com>
    X-Original-To: Jonie_Whishaw@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 339 seconds by postgrey-1.35 at m2osw.com; Tue, 18 Jul 2017 03:15:08 UTC
    DMARC-Filter: OpenDMARC Filter v1.3.1 m2osw.com DC8223F50A
    Authentication-Results: ...
  • Last update: 06/06/2017

    These days, I'm receiving requests about invoices. People want to pay me but my invoice has a problem/concern.

    The fact is that the invoice is a PDF document with a link to a hacker's website where you'll be asked to enter various credentials. Their code may also attempt various XSS attacks or similar things.

    If you get those, opening the PDF is most probably safe, but following the link is not.

    Return-Path: <SRS0+0UFE=5L=hotmail.com=Jonie_Whishaw@m2osw.com>
    X-Original-To: alexis@m2osw.com
    Delivered-To: alexis@m2osw.com
    Received: from ...
  • Last update: 10/18/2016

    I thought this one scam was particularly good! As if I were under a real attack instead of the usual bullshit emails I get: very badly written, not correctly targeted, etc.

    In this email the user wants me to open an attachment, which would likely do nothing to my computer since I have Linux, but it is still very persuasive. Now the attachment may actually be totally safe to look at, it may just include a link to a website where they will charge my credit card and bye bye to your money!

    In any event, this is quite some progress from the usual scam.

    Return-Path: ...
  • Last update: 07/06/2017

    Pretty much all totals are computed using the exact same math on all computers... although I've seen some invalid programs, I can assure you that the totals I get at Amazon are always correct. The one below was probably calculated by hand by the hacker who missed 12 cents... Just too funny!

    The tax and seller and all the other links were a big joke too, if you ask me. I have seen many links, but a short link does not take one enormous block as follows... I did not test it (I don't see the point) but such a large link, it's like it includes the whole page of data. It is not unlikely ...

  • Last update: 07/13/2015

    Interesting... So, if I follow, the guy is being kicked out for cheating, but then is afraid of losing his money because of religious reasons. Am I missing something?

    Clearly a case of money laundering, but still.

    Oh. I like the fact that he uses the verb "accede", even though he cannot spell assistance and "i" is always lowercase.

  • Last update: 07/06/2017

    I got this one today... I wonder how many people get caught by such emails!

    The important part, I found, is this:

    * PLEASE NOTE: If the verification is successful you will be transferred to the Citibank Welcome Page and you can you use account as regular. DO NOT Make any changes to your account.

    They clearly ask you not to change anything once you are really logged in to your account. Which is probably a good idea, because if you give them your credentials first, logging in and changing your password will throw them off a bit!

    The other interesting aspect is the email address which includes a strange code:


    You wonder how they thought of that one... especially because most businesses will send alerts with accounts such as "noreply@my-business.com" and not some auto-generated email.

  • Last update: 01/14/2015

    This time I have to verify my identity with the IRS. Interestingly enough, I have to use a 1040 form which I suppose I sent them before. Really? What will that give me?

    The link was to a really long URL which started with irs.gov which is the true domain name of the IRS:


    Only it continued with many more sub-domain names and the real domain in that link was joyventure.net which is owned by someone in Buenos Aires, Argentina. Obviously, not the US Internet ...

  • Last update: 12/13/2014

    Got a Facebook account? Maybe you'd like to get it fixed because a hacker just got in...

    The link was:


    which looks very similar to a link Facebook would send you, but really... they would NEVER use a 3rd party like that for the purpose stated here. Anyway, if you gave away your password following such a link, good luck to you!

    Return-Path: <zmjsdate1483de@idefix7.rt.cmo.de>
    X-Original-To: alexis@m2osw.com
    Delivered-To: alexis@m2osw.com
    X-Greylist: delayed 344 seconds by postgrey-1.34 at jc; Sat, ...
  • Last update: 10/28/2014

    This one surprised me today.

    LogMeIn sending me an email, that was already a surprise since I do not recall creating an account there, but the most surprising was the text in the email saying "download this certificate". Any semi-knowledgeable person would know that certificates are on servers and just work. You do not specifically download them.

    Also, as a server administrator, if it were truly a fix for Heartbleed, man! That company was S.L.O.W.

    The two URIs in the email would say one thing and be something completely different. Both would send you to a hacked WordPress ...