Vacation Messages a Great Way for Scammers to Steal Your Identity

Automated vacation messages are often frowned upon for several reasons, including that they can be a spam vector, that if set improperly (such as being triggered with every single email from every single person) they can actually views as spam, and that they can actually cause legitimate email from you to end up in the spam folder. But as if that’s not enough of a reason to not use an automated vacation message, they can also be used with a bit of social engineering to steal your identity. Here’s how that can happen.

Newest Amazon Order Scam Spam

Confused by a confirmation of a new Amazon “Prime Acct Gift” order that landed in your inbox today, when you know that you haven’t placed any such order? You’re not alone. The order with the subject ‘New-order #20953735 – confirmed’ (although the order number on yours may be different) from (although your ‘from’ address may be different) is 100% a scam.

Email Confirmation Messages Leaked to and Being Used by Spammers

As we have noted a couple of times in the past few weeks, spammers and scammers are using the email mailing list confirmation process to send spam. Here’s how that works: someone signs up for a mailing list, and then replies to the confirmation request with their spam. In this case, Amy Happy at, seems to be replying to a confirmation message that she, in fact, never received in the first place.

More Scammer Spam being Sent to Mailing Lists

Add as the newest scammer spamming mailing lists. As we mentioned last week, scammers have started signing up for mailing lists in order to spam the list members with their scams. (Our samples come from Aweber mailing lists.) Last week it was supposedly David Norris, leasing his house in Troy, Michigan, with a contact number of (509) 255-3270. This week it’s the supposed Rev. Gary Williams, with a house in Warwick, New York, with a contact number of (502) 536-8106.

California State Bar Warns of Fraudulent Email

The State Bar of California has issued an alert warning of a fraudulent complaint email being sent in their name. In an emailed statement this morning (June 8, 2016), the California State Bar said that it had received numerous inquiries about the email that supposedly had come from them, going out to members of the California bar.

About All Those She’s Gone Ads on Facebook

If you are on Facebook you can’t avoid them. The “She’s gone” ads, suggesting that celebrities like Sally Fields, Betty White, Meryl Streep, Sandra Bullock, Susan Sarandon, and Kris Jenner, have died (they haven’t), with the weird domain names, are everywhere. Click on them, and each and every one of them leads not to news that they have died (surprise, surprise) but a website selling Beauty and Truth (oh, the irony) brand youth serum.

New Scam: Mrs. Thorens ( Wants to Give Your Charity $2.5 Million

A brand new SMS text message scam has hit smartphones. Coming from, it is an image of text, which reads “CONFIDENTIAL Mrs Thorens has assigned a rewarding charity project worth $2.5 Million USD to you. For full details, please contact her only at her private email address below.” The sample that we saw had an email address of, although it’s quite likely that as that email address gets shut down, the scammers will swap in a different email address.

How to Report Scammy Facebook Ads on Facebook

We’ve all seen them – there are all sorts of ads for scams on Facebook, and all sorts of scammy ads and false advertising on Facebook (such as the ones suggesting a famous actress such as Betty White or Judi Dench has died). In fact, for many of us, not a day goes by that we don’t see some ridiculous ad on Facebook and think “How can Facebook let them get away with that ad?” In part it’s because Facebook relies on people reporting scammy ads to Facebook. So here’s how to report ads on Facebook.

New SMS Bank Phishing Scam Uses Hacked Holiday Inn Phone Numbers

Bank of America, Wells Fargo, and Key Bank are among bank accounts being phished, SMiShed and vished by scammers who are sending SMS text messages to users, directing them to call hijacked Holiday Inn Express phone numbers which the scammers have disguised to make them sound like automated banking systems. So far this current crop has happened primarily in the Houston area.