I fell for a scam. Shame on me.

It all goes back to China

Last weekend I received an innocent-looking email from my friend Jim. It turned out that his good name was being used to mislead his friends.

The email in question looked innocent enough:

Jim's email: the start of it all — an email from my friend Jim. Except, of course, it wasn't from him at all.

Jim often sends links to interesting things he has found on the web, and there was no reason to suppose this was any different. The names in the To: list were all names that I recognized as Jim's friends and family. The only curious part was that his name was part of the URL, but then Jim every now and then writes some piece for publication on the internet, and authors often have their own folders on a site. Again, nothing to be alarmed about.

What should have set off my alarms — had I paid attention to it — was the email address in the From: dd.hr@uob.edu.pk, which is the University of Balochistan, Quetta, Pakistan. It's an actual university. But I wasn't paying attention, only eager to see what treasure Jim had found. And what a treasure!

The page that came up when I clicked on the link was made to look like a page on the celebrity gossip site TMZ. But this was clearly an advertisement for a weight loss magic bullet, and the page was not part of the TMZ site.

The actual URL of a site pretending to be TMZ.com

At first I thought, Oh, this is a clever bit of redirection that Jim had discovered, and he just wanted to share the chuckles. But then I finally noticed the From address and realized that I had been had.

Then I was dismayed and a bit scared, because the only way this scam worked was it was a highly plausible email: I recognized all the names in the To list as among Jim's friends and family. These were not just a bunch of random email addresses pulled off the internet; everyone the message was sent to has a relationship with my friend Jim, and he was picked as the bait for the trap. Of course, you could assemble such a list of names by mining "friends" on Facebook or LinkedIn, or by scooping up someone's email address book. The implications are not good.
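The mechanics described above (a trusted display name on an unfamiliar address, and a link whose path carries the friend's name on an unrelated host) can be checked mechanically before anyone clicks. The following is an added example, not code from the original post; the message, the address book and the domain names in it are constructed stand-ins.

```python
import email
import email.utils
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample message modelled on the one described in the post.
SAMPLE_EMAIL = """\
From: Jim Example <dd.hr@university.example>
To: friend1@example.org, friend2@example.org
Subject: check this out
Content-Type: text/plain

Thought you'd like this: http://wearetheos.example/jim/tmz-story.html
"""

# Constructed address book: display names we trust, mapped to the
# addresses we have actually corresponded with under that name.
ADDRESS_BOOK = {"jim example": {"jim@example.org"}}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def triage(raw_message, address_book=ADDRESS_BOOK):
    """Return a list of human-readable warnings for a raw RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    name, addr = email.utils.parseaddr(msg["From"])
    findings = []

    # 1. A familiar display name paired with an address we have never seen.
    known = address_book.get(name.strip().lower())
    if known is not None and addr.lower() not in known:
        findings.append(
            f"display name '{name}' is known, but {addr} is not an address we use for them")

    sender_domain = addr.rsplit("@", 1)[-1].lower()
    first_name = name.split()[0].lower() if name else ""
    body = msg.get_body(preferencelist=("plain",)).get_content()
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # 2. The sender's own name used as a path component on some other site.
        if first_name and first_name in parts.path.lower() and host != sender_domain:
            findings.append(f"link {url} embeds the sender's name on unrelated host {host}")
        # 3. Link host has nothing to do with the domain the mail claims to come from.
        if host and host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link host {host} does not match sender domain {sender_domain}")
    return findings
```

Running `triage(SAMPLE_EMAIL)` on the constructed message reports all three warnings; a message from the address in the book with a link on the sender's own domain reports none.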

wearetheos.com

I started looking into the domain in Jim's email, wearetheos.com. A quick search of Whois revealed that the domain was registered at GoDaddy in 2008, and it expires in September of 2017. The person who registered the domain is one John Pedigo of Dallas, Texas.

Whois entry for the registrant of wearetheos.com. I am not spilling any secrets here — this is public information available to anyone with a web browser.

Next I thought I'd look into the site actually hosting the spoofed TMZ page.

gencheckiq.com

This is where it got interesting.

Gencheckiq.com was registered through Bizcn.com. (There are many companies around the world that act as registrars of internet domain names.) The domain expires in December of 2017.

Whois for gencheckiq.com

The person who registered the domain gencheckiq.com is Blanca Haley of North Carolina.

The person who registered the domain gencheckiq.com. Again, I'm not giving away secrets — this is publicly available information.

That left the question of this bizcn.com. Typing that into a browser tells you everything you need to know.

bizcn.com: of course. "CN" is the two-letter country code for China. And they're having a sale.

The internet is awash with fakery. Yes, Gwen Stefani did appear on the Ellen show (as did Blake Shelton), but it wasn't to promote weight-loss products; it was to promote her latest album and gush over Blake.

These fake things work by having just enough connection with reality to make them seem plausible. But as has been demonstrated vividly in my own case, that veneer of plausibility can easily lead you astray. And the people who perpetrate this are not always sinister foreign hackers or a "400-pound guy sitting on a bed." In this case, all of the people responsible for the sites involved live here in the good old U S of A.

Note: no viruses were harmed in the writing of this article.

Last updated on Jan 24, 2017
