Monday, February 23, 2026

It couldn't possibly be a scam, could it?

Background: the Widowed Village organization (associated with Soaring Spirits International) has a "pen pal" offering.  I've been "matched" with six pen pals, only one of which has continued beyond two transactions (one stopping immediately after a mention of my research into grief scams).  However, I've noted that he (all the matches seem to be the same gender, presumably as a minimalist protection against romance/grief scams) hasn't really said much about himself, although he always commended me on being so honest and open.

"Edmund" is 49 and has an 18 year-old daughter who means the world to him (but whom he never otherwise mentions).  I told "him" a lot about myself (including the fact that I was a security expert), and even more was available in my blog.  "He" was always appreciative.  The only thing he really mentioned about himself was a major road-building contract coming up in the Middle East, which needed investment.  (Hey, I'm a professional paranoiac.  At this point I'm starting to see signs of a potential scam.  But I keep going.)  

So, after eight transactions back and forth, today I received:

***
Meanwhile, I met a woman here in Turkey who is in her early 60s. She’s a gemstone trader and is currently facing a difficult situation. She came to Turkey to purchase some gemstones to bring back to the United States but was held at the airport for not having the required export license. Now, she’s facing the possibility of a four-year jail sentence.

She explained that she has a trust fund left to her, which she needs to claim in order to get the finance needed to resolve her issues. The trust has a mandate that it must be claimed with a man present in her life. She is a widower, and I want to be clear that I cannot get involved with her personally.

Would you be interested in communicating with her or offering any assistance?
***

1)  Hands up those who think that this is a variant but fairly classic grief scam, with an initial approach by someone presenting as male to get around the system's grief scam protection, and then redirecting me to the scam?

2)  Hands up those who think that this guy is, himself, as a widower, being grief scammed, and I should warn him?

3)  Hands up those who think that I have let my professional paranoia run away with me, and I am throwing away a golden opportunity to meet, aid, and fall madly in love with this age-appropriate and wealthy woman who needs my assistance?

Anyway, I carried on, although I did note that neither gem trading nor legalities were my specialties.  (OK, I lied a bit about not being familiar with the law.)  Now, at this point, "Edmund" seems to get impatient, and (as I had asked him about his daughter) seemed to mess up his response:

***
My daughter is doing well, and I plan to see her when I leave Turkey.  I hope you might have the chance to get to know each other. I know she is looking for a trustworthy man to help her with a power of attorney so she can have easier access to the trust fund left for her.
***

So I messed with him a little on that score, but kept going.  However, by this time I had also alerted Widowed Village, and they had started an investigation, so I suspect that scared him off.

I'll see if I ever hear from "Edmund" again.



Online scams, frauds, and other attacks (OSF series postings)


Sunday, February 22, 2026

Wednesday, February 18, 2026

Woke

When did the word for being a conscious and thinking entity become an insult?

(And why?)

Monday, February 16, 2026

Isaiah 49:20-21

The children born during your bereavement
    will yet say in your hearing,
'This place is too small for us;
    give us more space to live in.'
Then you will say in your heart,
    'Who bore me these?
I was bereaved and barren;
    I was exiled and rejected.
    Who brought these up?
I was left all alone,
    but these—where have they come from?'

Thursday, February 12, 2026

Wrong place

I figure that I am always the wrong person in the wrong place and situation.

I am a scientist who believes in God.  I am a believer in discourse and consensus, in a world full of division and denial.  I am a devotee of lifelong learning, in a church that has reached new heights of anti-intellectualism.  A protector of those who think that they are too street-smart to be tricked or trapped.  I am a believer in donating everything that you can, in a world that believes every need is an opportunity for a side hustle.  A teacher in a society where most people avoid learning anything they can.  I am a believer in partnership and relationship, in a society which believes everything is a transaction.  A specialist in information security, in a world where no one wishes to take any account of risk.  I am a specialist in information integrity in a world which no longer believes in the truth.  I am a depressive in a society that worships positivity (even if toxic).

OSF - 3.20 - spam - packages

Package scams are probably yet another variant in the general class of advance fee fraud.  Packages, as well as various gift and lottery, scams have been around for quite a while, but they really picked up during the pandemic, when everybody was ordering things online.  Online ordering, and delivery services, are still quite active, and so package scams are still around.

I have a possible advantage over the scammers, in regard to package scams.  At one time I did a lot of reviewing of technical books, and so I was receiving an awful lot of packages, of books, through the mail, or via the various delivery services.  Therefore, I was more aware than most people of the announcements that you would, and would not, receive from delivery services, and so I was more able to identify the variations that indicated that something was a scam.

As with any advance fee fraud, there is the promise of a benefit to come, dependent upon you paying some kind of fee in advance.  In the case of packages, or the free gifts mentioned earlier, the fee is generally fairly small.  Usually, package scams are a kind of a one-off fraud, rather than the ongoing requests for a constant stream of fees or assistance that are part of the classic advance fee fraud.  However, it is possible that some of the package scams may involve an initial small fee, perhaps five or ten dollars, and only later report that you need to pay extra taxes or duty.


Package scams very often come via text, rather than email.  In this case, it offers us a bit of a twofer, in terms of red flags.  The first message is for a delivery scam.  How do we know?  Well, Canada Post isn't likely to host its rescheduling Website in Hong Kong (.hk).  So that's one indication, for a start.  However, as chance would have it, these particular scammers seem to be involved in a number of different scams.  You'll notice that both messages came from the same number, and one is for a completely different scam (threatening that you have not paid your Disney+ account).


These texts didn't come from the same number: this is from my reporting of spam to a research account.  However, you can see that there are a variety of package scam attempts: one purportedly from Canada Post, one from DHL, and one unnamed.  Notice also one mention of a "border fee."


I really love this one.  They've put a bit of thought into the social engineering: in order to prove that they actually have a package for you, they've sent you a *picture* of it!  Relatively few people would think to question the fact that the picture isn't clear enough to indicate who sent it, or to whom it is addressed.  I mean, it's not possible that someone just took a picture of *any* package and sent it to you, is it?


Wednesday, February 11, 2026

OSF - 3:15 - spam - red flags 3

A few more issues that can indicate that you should maybe not trust this message.


One of the things that you should watch for is any indication that the party that actually sent the message is not the party that the message is supposedly from.  In the case of this message, it is supposed to be from Shaw, who provide my Internet service.  Obviously I want to continue my Internet service, but, in this case, the message doesn't come from Shaw (a Canadian company), but from BTConnect, a British company.  Obviously a Canadian Internet provider would have no need to route their email via a different provider in Britain.

But there is another factor here, and that is a problem with Shaw.  Shaw, in providing an interface for email, should be providing its users with the information about who sent the message.  Shaw does not.  The creator of this message has crafted the message such that the "personal name field" shows "Shaw."  But Shaw, in presenting the message, does not provide the actual email address, only the personal name field.  The only reason that I was able to quickly figure out that "Shaw" wasn't the actual sender was that the images in the message were stored on an external server, and the email system balked at displaying them.


There are a bunch of fairly obvious red flags in this message.  Supposedly it is in regard to a Google Workspace.  Right off the top, we should suspect that nobody who works for Google would need, or even be allowed, to use an obviously external email server such as defence-s.org.  Then there is the fact that VCN (and particularly my account on it) isn't run by Google.  In addition, the link to contract.lisojea.contractors is extremely suspect.

However, note that the user interface for this system does at least give you this information rather than hiding it.