Muschamp Rd

$4,000,000.00 Spam

October 11th, 2012
Can of Spam

I’ve spent a lot of time fighting spam, first in my mailbox using programs/tools such as: MailSmith, SpamAssassin, SpamSieve, even SpamCop but also on this blog with a variety of WordPress plugins. I used to get 100s of spam emails a day at Muschamp.ca but after something my webhost presumably did I get noticeably less and very few make it to my inbox, one simply titled “Hello” recently did:

Attention Beneficiary, You have been chosen through your email by the UNDP for Humanitarian Development Cash Grant Program to enhance and develop the standard of living geared towards poverty eradication as targeted by the year 2020. You have been granted the sum of $4,000,000.00 USD, your grant pin# (UNF/FBF-816-1119 G-900-94). Contact UNDP Executive Secretary Mr. Barry Gibson with this email: barrygibson@rogers.com

They want contact info, not even banking info and it concludes with the following:

This transmission is not a digital or electronic signature and cannot be used to form, document, or authenticate a contract. Hilton and its affiliates accept no liability arising in connection with this transmission.Copyright 2012 Hilton Worldwide Proprietary and Confidential

I don’t know what Rogers and Hilton are doing, usually less prominent domain names are involved, but this is still laughably bad. The email came from Sara Hammond  who has a hilton.com email address and wants me to contact Barry Gibson who has a rogers.com email address. Surely those corporations are large enough to hire IT people to stop this or at the very least should ensure their employees don’t get any scumware on their computer. So few spam get through to my inbox now-a-days, that when they do they are sometimes amusing. So before I ‘mark this as spam’ I decided to share it and hopefully shame two corporations into action.

Here is the full Internet headers for those curious:

From ???@??? Thu Oct 11 17:00:35 2012
Return-path: 
Envelope-to: andrew@muschamp.ca
Delivery-date: Thu, 11 Oct 2012 19:13:12 -0400
Received: from mail28.messagelabs.com ([216.82.249.131])
	by www30.yourdnshost.com with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.72)
	(envelope-from )
	id 1TMRwG-0003FO-A9
	for andrew@muschamp.ca; Thu, 11 Oct 2012 19:13:12 -0400
X-Env-Sender: Sara.Hammond@hilton.com
X-Msg-Ref: server-8.tower-28.messagelabs.com!1349997190!34372828!1
X-Originating-IP: [170.224.50.4]
X-StarScan-Received:
X-StarScan-Version: 6.6.1.3; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 5772 invoked from network); 11 Oct 2012 23:13:10 -0000
Received: from unknown (HELO TLS.Hilton.com) (170.224.50.4)
  by server-8.tower-28.messagelabs.com with AES128-SHA encrypted SMTP; 11 Oct 2012 23:13:10 -0000
Received: from RTPHILX008.hotels.ad.hilton.com (10.20.95.13) by TLS.Hilton.com
 (10.20.1.9) with Microsoft SMTP Server (TLS) id 8.3.279.1; Thu, 11 Oct 2012
 19:11:53 -0400
Received: from RTPHILCE09.hotels.ad.hilton.com ([fe80::59ed:a4e8:4825:756f])
 by RTPHILX008.hotels.ad.hilton.com ([::1]) with mapi; Thu, 11 Oct 2012
 19:13:09 -0400
From: Sara Hammond 
Date: Thu, 11 Oct 2012 19:13:08 -0400
Subject: Hello
Thread-Topic: Hello
Thread-Index: AQHNqAX6TV6A0jGC30GA4aYBNRv4dQ==
Message-ID: 
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
x-tm-as-product-ver: SMEX-10.0.0.1412-7.000.1014-19262.000
x-tm-as-result: Yes-72.546100-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/html; charset="windows-1256"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0

Apparently messagelabs.com is also involved, they seem to be owned by Symantec so I guess this spam is virus free.

12 Comments

  • Blake says:

    This is what I got today.

    You have been chosen through your email by the UN Foundation for Humanitarian Development Grant program to enhance and develop the standard of living geared towards poverty eradication as targeted by the year 2020. Therefore, you have been granted a sum with your grant Pin# (UNF/FBF-816-1119 G-900-94). You are to contact Mr. Barry Gibson (Executive Secretary) with your full name and your grant pin via email: barry.gibson5@att.net

    • Muskie says:

      The spammers never get tired. The math favours them. It costs less than pennies to send many many spam, all they need is one sucker and it is all worthwhile.

      They use botnets and live in countries with non-extradition treaties if they become successful.

      There are services and software you can use on your personal mailbox. There are services and products your email provider can subscribe to like Spamhaus but despite the fight against spam starting in the 90s, it still goes on. It is just too easy to spam and too profitable.

  • Trisha says:

    Still going…
    Just got a new version of it today from sally olson
    …You’ve just been awarded…from the United Nations…
    How do we stop these people?
    I’ve never stayed at a Hilton. How do they get our addresses?
    Can we report them?

    • Muskie says:

      This is not the work of Hilton or Rogers. Sometimes one person can do something really stupid and it results in a lot of people getting spammed. Someone in my hockeypool got his computer infected with something and it generated so much spam sent to our private hockeypool mailing address, an address no one outside the hockeypool knew existed.

      I used to try and report every spam I received to SpamCop, that is way too much work. It might surprise you but Microsoft and some other big industry players have done a better job at fighting spam than in the olden days. I get a lot of spam from Japan. I was also told by Baidu staff that Chinese spammers are particularly clever, but the world spam champion is the Russians or states neighbouring Russia. They have spam celebrities, these men are wanted criminals, but they are also wealthy. There is a website devoted to the top 10 spammers just like the FBIs most wanted. A lot of the world’s spam is the result of a few tools written by a few mostly Russian computer programmers. If it makes you feel better some of them studied at MIT.

      Individual computers such as probably some at Hilton get infected with bots. This happens from downloading stuff on the Internet, particularly with Microsoft Outlook. That one program is responsible for a lot of computer problems. It works better now, but it had so many exploits that Microsoft has to spend millions of dollars supporting a program they gave away for free. Macs are not immune to bots but the spammers and hackers target older not up to date Windows machines. They then get all the email addresses they can and try to infect all neighbouring computers. Once they have a bot net and a huge collection of email addresses they send out the spams.

      This particular email seems like a phishing scam. The Russians generally are trying to get you to go to a particular website. These phishing scams are often run out of Nigeria. Nigeria is the world leader in ripping off gullible white people who speak English. Again the email can be reported but because there are so many scammers and they are usually teenagers operating out of cyber cafes in far away countries there is little local authorities can do. The Russian Spammers sell email address lists and write tools that enable less sophisticated people so called “script kiddies” to pretend they are clever and launch these spam bombardments. It only takes one or two people to fall for the scam to make the whole effort worthwhile.

      So the best thing you can do is keep your computer up to date. Don’t open attachments from people you don’t know. Don’t pirate software. Don’t pirate movies or music. Don’t use those peer to peer sharing programs in general. Finally train your spam filters to keep this crap out of your inbox. It will result in some false positives but generally I get 100s of spams a day but only one or two I actually see such as this one.

      Corporations and governments lose real money routing all this garbage they have to fight the war, individual victims can just make horror story blog postings. To stop the problem completely requires newer computers, better training, smarter humans, and capturing the individuals who write the tools that enable the mass spamming. Changing your email address is a solution some employ, but that is only a short term fix and you still have to contact all your contacts and implore them use your new email address. It is a very hit and miss strategy.

  • travis says:

    I got the same email……

  • ana says:

    This was sent to me:

    This is to notify you that you have been chosen as one of the beneficiary of a Grant Donation for humanitarian and your personal development. You have been granted the sum of $4,000,000.00 USD as developmental aid from the UN Foundation. For more details contact Mr. Barry Gibson (Executive Secretary) with this email: mr.barrygibson@rogers.com

    This transmission is not a digital or electronic signature and cannot be used to form, document, or authenticate a contract. Hilton and its affiliates accept no liability arising in connection with this transmission.Copyright 2012 Hilton Worldwide Proprietary and Confidential

  • H.bomb says:

    This is to notify you that you have been chosen as one of the beneficiary of a Grant Donation for humanitarian and your personal development. You have been granted the sum of $4,000,000.00 USD as developmental aid from the UN Foundation. For more details contact Mr. Barry Gibson (Executive Secretary) with this email:…………… THIS IS THE E-MAIL I RECEIVED IT IS SURELY A SCAM GOOD TO KNOW OTHERS HAVE ALSO GOTTEN THIS PLEASE BE WARNED SCAM ALERT!!!!

  • canaomira says:

    I got the same email from Julie Johnson, using a hilton.com address.

  • soxno1fan says:

    I just got the same email, from “Gloria OHal”. I agree with you, in that I am surprised they were able to use a hilton.com address.

    • Muskie says:

      Hilton.com must either be not that secure, or some computers belonging to Hilton staff got compromised. This post has gotten more traffic than my usual posts so I don’t think just two copies of this email were sent out.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Posts on Muskblog © Andrew "Muskie" McKay.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Muskblog. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.