Hannah Montana Scammer

Filed Under: SophosLabs

Today I came across a sad tale of a parent defrauded trying to buy a Christmas present. Even in the holiday season there are those mean enough to take advantage.

This parent wanted to buy tickets for the extremely popular Hannah Montana tour and found some for sale on eBay. After contacting the seller and agreeing a price she received an official looking email with payment instructions. It's a long email, you can see the full version here but here are a few extracts:

Hannah scam email 1

... it looks good so far...

Hannah scam email 2

... but now we start to see something suspicious ...

Hannah scam email 3

Grammatical errors, such as 'we learn every eBay member' are typical of fraudulent email. The real key to recognizing this fraud though is in the email address of the sender:

ebay <ebay@auction-department.com>

This is not an eBay address although it is designed to fool the unwary.

Taking advantage of the tools available to researchers I can see that this domain was only registered a few weeks ago, in early October. Recently registered domains are another good sign of suspicious activity.

Sadly it seems this scammer has pocketed a hard working parent's money. As ever, be careful out there, not everyone believes that this is the season of goodwill.

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Richard manages SophosLabs' operations in the United States. His principal security interests are endpoint security and user education. When he's not worrying about digital perils he enjoys singing, much to the distress of his cat, whose name does not feature in any of his passwords.