A new high (low?) in scams

They're at it again

6 January 2010. Scamps and scoundrels seem to be among the most creative people in the world. At the very least, they are astute psychological manipulators. Case in point: a brand new phishing email today purporting to be from Western Union.

This lastest hoax is bound to snare many who don't stop to think.

The set up is this: You've sent someone $95.50 and it is waiting for them to pick it up. But just in case you've changed your mind, you do have one last chance to cancel the transfer. It looks pretty real:

• It's from mail.westernunion.com — that's very plausible
• It has a "Money Transfer Control Number" — that's the kind of awkward, too-long, label some financial-crat would come up with
• There's a precise date and time of the order — until you stop to wonder about a time recorded three hours west of Greenwich Mean Time (-0300) — i.e., in the Atlantic Ocean off the coast of Newfoundland.
• And there's a link going to wumt.westernunion.com — geeze Louise, looks real to me!

Except you know perfectly well you didn't wire anyone $95.50. So what's the catch?

The catch depends on the fact that what you see as a link isn't necessarily the same as the actual link in the HTML code, "behind the scenes" as it were. Let's compare:

The actual address — the part between http:// and the first / — has a whole lot of stuff after the wumt.westernunion.com, and there's the rub. This link actually goes to .yhe3essy.com.pl, and it is the last dot something that matters. Dot PL (.pl) just happens to be the domain code for Poland. So some shady operator working out of Poland has set up a nice trap to fleece you — probably out of $95.50.

I have no idea what happens if you actually click the link. I do know that if you enter http://wumt.westernunion.com.yhe3essy.com.pl/ in your browser, Google Chrome, at least, gives a nice warning:

"There's a sucker born every day," as my mama used to say. And the phishers and scammers and hoaxers are out to prove it.