Scams – Sgt. Monica Brown

I’ve decided to add a new series of postings.

Since I must wade through buckets of email to filter out the few that matter, and many of those are various kinds of SPAM and SCAM, and I’m pretty good at picking them out… I thought maybe it would be helpful to illustrate them, and some of the simple ways to detect them.

Such stuff comes in layers. The least obnoxious are the “mailing list” from a place you have joined or done business with. They are usually innocuous, but suck up time and space. I won’t say much more about them as they are usually very obvious. Buy a ticket from Ticketmaster, and you are on their mailing list forever. I bought a Solar Bears ticket 4? years ago and have had email from both Solar Bears and Ticketmaster ever since.

The next layer up is a bit worse. Donate to a political campaign, you get “traded around” to others in that party. Also pretty easy to spot when you’ve been traded.

In this posting, I’m looking at one of the worst kind. The flat out hustle / scam. In this case “under color of Authority”. They often have either an elaborate story (Nigerian Prince anyone?) or nearly no story, just a “Curiosity Hook”. This one is of that type. Then, in the text, will be a “click me” of some sort. NEVER EVER click on a “click me”!! I don’t even click “pop up close boxes” at web sites. If a page reload doesn’t clear it, I just abandon the page and never return. ANY click is granting action authority to some unknown program inside that email or web page. It might be Javascript (that I always turn off…) or worse.

OK, so here’s the email (I will hobble any links or addresses so they don’t work).

From: Sgt. Monica meander2 [at] zoominternet.net

Reply to: sgt.mlbrown50 [at] outlook. com

I am Sgt. Monica Brown. I require your urgent assistance in a business deal of mine, kindly contact me for more guidelines. Thanks and God bless you.

OK, first off, notice that the reply to address does not match the sender address. GIANT red flag. It is sent “in the blind” in that I have no clue who this is. Second GIANT red flag.

This one has no “click me” so it is most likely not malware, but a Phishing scam trying to harvest email addresses, phone numbers, and /or con you into giving up a credit card.

The quick and easy thing to do? A web search on the phony name and “SCAM”. These folks usually send out millions of these, and someone falls for it, then posts an Aw Shit message.

My search key in duckduckgo.com: “Sgt. Monica Brown email scam”

Results:

419 scam: "Sgt.Monica Brown"  PLEASE REPLY ...
"419" Scam - Advance Fee / Fake Lottery Scam. About the 419 (Advance Fee) scam "Is that email a scam?" ... "Sgt.Monica Brown" 
[Search domain www.419scam.org] 419scam.org/emails/2014-08/19/00019659.8.htm

419 scam: "Sgt. Monica Brown"<sgtmonicabrown2000@outlook.com ...
"419" Scam - Advance Fee / Fake Lottery Scam. About the 419 (Advance Fee) scam "Is that email a scam?" ... {Sgt. Monica Brown} ...
[Search domain www.419scam.org] 419scam.org/emails/2013-11/10/00518761.1.htm

Beware of Email Scams: Sgt. Monica L. Brown - Email Scam
Email from Sgt. Monica L. Brown , sgtmonicabrown63@gmail.com, Beware of the sender as numerous scam emails has been sent by this particular individual.
[Search domain bewareofemailscams.blogspot.com] bewareofemailscams.blogspot.com/2015/11/sgt-monica-l-brown-email-scam.html

US Army Oil Deal Scam Email - Sgt. Monica Lin Brown ...
My name is Sgt. Monica Lin Brown, originally from Lake Jackson Texas USA. I am 24yrs old, I presently work in Support Company of 4th Brigade Combat Team, 82nd ...
[Search domain pastebin.com] pastebin.com/GnbN6BEC

Re - SGT.MONICA L BROWN Phishing Scams - MillerSmiles.co.uk
Re SGT.MONICA L BROWN Phishing Scam, Email Scam Spoof Fraud at MillerSmiles ... SGT.MONICA L BROWN never send their users emails requesting personal details in this ...
[Search domain www.millersmiles.co.uk] millersmiles.co.uk/email/re-sgtmonica-l-brown

www.scamwarners.com View topic - Sgt. Monica L. Brown ...
Delivered-To: [email protected] Received: by 10.112.18.135 with SMTP id w7csp40293lbd; Wed, 1 Jul 2015 15:15:11 -0700 (PDT) X-Received: by 10.202.176.213 with SMTP id ...
[Search domain www.scamwarners.com] scamwarners.com/forum/viewtopic.php?f=7&p=258699

Scammers with pictures of Sgt. Monica Lin Brown - Romance Scam
Romance Scam Please report ... Pictures stolen from Army Sgt. Monica Lin Brown ... Got the exact same message from "Sgt. Monica L. Brown" she used the email sgt.b3@ ...

Now wasn’t that easy?

One look, one suspicion, one search – done and bagged.

Don’t even need to read the postings for the sordid details…

Flag as spam, delete, and move on. Didn’t even have to do any of the more interesting tech tricks like looking at the message source or deep mail header inspection.

I do feel sorry for any Real Sgt. Monica Brown, though.

(FWIW, an Army Sgt. just won the Miss America selection at some level… or something like that. Very very cute black woman who could probably whip my ass ;-) But I digress…)

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in SPAM and SCAM disection. Bookmark the permalink.

12 Responses to Scams – Sgt. Monica Brown

  1. Larry Ledwick says:

    I also sometimes hover the cursor over click me links if they are in that grey zone where they might be from someone you have a business relationship with, but don’t sound kosher, and see if they are going to some totally different address not remotely similar to the apparent source.
    That is another “oh oh” indicator for emails that don’t have a specific reply to address.

    If the email is from:
    soundslike_big_company(.)com

    and the clickme link is to:
    notworksafe_pictures(.)ru

    That is probably a bad sign.

  2. E.M.Smith says:

    @Larry:

    Chuckle!

    Once, while at Charles Schwab (yes, THAT Charles Schwab) working in their computer security department… as a contractor where it took NOTHING to walk you out the door and where looking at porn was a termination offense even for regular employees…

    I was looking for a patch for a particular Unix bug. Did a search. Found “Fix is FOO” and a site popped up some name like “Linux_solutions.TechName.com” with that particular bug described in the thumbnail that presented. It looked OK… I didn’t “pop a window and google the site” which I now do… I just clicked.

    Suddenly I had popup after popup of naked women on my screen. WTF?!

    Realizing I was one set of eyeballs away from being walked out, explanation be damned, I dove for the power off switch and killed my machine…

    Then sweated for a week… hoping it had not triggered any security filters in the (known to exist) monitoring logs of all traffic in and out…

    I did immediately report the event, and the URL, to my boss, but as he was with the contract company that had me there, (making me sacrificial lamb to the contract) it was “thin gruel” between me and a walkout…

    And folks wonder why I refuse to click ANYTHING I didn’t ask for, and will not do ANY “Social Media” (Facebook, LinkedIn, etc.) Hell, I’m skittish about just clicking on a link in a search I asked for!… because it almost cost me my job, once…

  3. Larry Ledwick says:

    We had the same thing happen at IBM, one of my coworkers was doing a search on an error code or something like that and all of a sudden his PC was acting like a pin ball machine and had flashing windows popping up all over it. We tried for the better part of a day to clean the machine but could not get rid of what ever it was he clicked on, so opted for wipe the drive and re-image.

    The boss understood and it was no big deal but we got a lot of traffic out of ribbing him over it.
    ;)

  4. Serioso says:

    I do what Larry said in his first comment: Hover. So far so good.

  5. Dai Davies says:

    I had some fun digging into a scam email years ago. It claimed to be from a lawyer but grammar, spelling etc made me doubt it, and it wasn’t an approach that any real lawyer would have taken. It said I was a beneficiary in a will – personalised with my full name, not just expanding my email address, as I remember. The name of the benefactor was familiar then I realised that I had met him years earlier when he visited the department – a high flying CS guy that could easily have had commercial success. As sysadmin it meant that I had spoken with him as I set up his machine and there was a good chance that I had mentioned a private project I was working on – OK a near certainty. But I presume the personal connection was a fluke. If not it was an exceptionally well researched scam.

    I remembered him as a nice and interesting guy and took umbrage at his name being used, so got serious. Clicked on nothing. Checked and he had indeed recently died. Checked the legal firm in a national online directory and it was there. Went to the web site and it was just an Under Construction sign. Totally convinced now, but how to complete the task? Got a street address and checked with G-Earth. Busted!
    I emailed the woman who was managing the lawyers web site and suggested she check out the company. She replied later with thanks.

    PS. You’ve got me wary about close boxes now.

  6. gary turner says:

    Don’t forget that simply hovering triggers an onmouseover event.

  7. Steve C says:

    At least some of the “mailing list” variety can be got rid of easily and politely. Having bought some batteries online from Duracell (I usually choose them when I want “decent” rather than “cheap”), I ended up getting many, many offers/month of batteries I didn’t need or want. When I was emailing them about another order, I added a sentence mentioning that I already chose their product regularly, but that the endless offers were really getting up my nose. By return, the fellow I was dealing with had removed me from the mailing list, and relations between Duracell and myself are sweet again. Worth a try, at least for companies you do actually want to use again.

    Mind you, a friend of mine got a genuine Nigerian 419 a few years ago – royal connections, everything. I’m jealous! All I ever get are the petty scammers.

    But the beggars get everywhere. Even my Hushmail account (which I never use in dodgy environments ‘cos I pay for it) gets some spam. The Yahoo account is surprisingly free of spam, considering I use it quite uncritically – although I did see a curmudgeonly comment somewhere that “that’s probably because so much spam is sent from Yahoo domains …”

  8. PhilJourdan says:

    Seems I am not alone in the “fake tech site”. I was also on contract (to the state Dept of Tax – same policy) and clicked on a link for a bug fix. And the screen was flooded with porn popups! (in the days before pop up blockers were SOP). Plug pulling was all that saved the day.

    I have noticed that spam filters do catch 99% (along with 1% of legit stuff), so I only check spam folders once a day and then just scan for names I know. So if I am going to win a fortune, I will never know. I have noticed an inordinate increase in the number of “per our conversation, please pay…” emails (the sneak preview of Google mail allows me to see that much). Those have worked from what I hear, so others are really pushing them. As I am not a money man, I delete them all.

  9. Power Grab says:

    I will also now avoid clicking the those pop-up windows’ close boxes. Thanks for the tip!

  10. Sgt. Monica Brown says:

    But I really do require your urgent assistance.

    [Notice: While I suspect strongly that this is a spoof / fake, in the interest of fairness and whatever entertainment value it might provide, I’m letting this comment through. Be advised I would not in any way respond to the email address in it, and at any time I might ‘sanitize’ it if things look like they warrant it. The associated IP address is 24.211.246.113 that looks to map back to a Brighthouse network via nc.res.rr.com (North Carolina Residence?) but the email address has “meander2” as the person, not Monica nor Brown… In short, it has “fishy” characteristics. The ‘zoominternet’ mail provider gets redirected to an ‘armstrong’ web page, but that could be due to a corporate takeover… yet IT want’s to further redirect me to another web site. In short, if anyone wants to investigate this, have fun, but I’m not going to touch it any further than I have. -E.M.Smith ]

  11. Mark Matis says:

    With the military what it has become today, I wonder if Sgt. Monica Brown might perchance be real. Although if she is, she would most likely be at least a general.

  12. kamalei96@hotmail.com says:

    Just received this in my email today, looks like she’s still trying to find people to do this….

    “Hello Dear Friend,
     
    Compliment of the day, how are you doing?
    I apologize to encroach your privacy, i got your contact from a directory. I know you don’t know me but i mean no harm, i don’t have anyone to talk with. I lost my parents in a car accident when i was young, at about 7 years old, i was raised up by my adopted parents, but they passed away some years ago, relative of my adopted parents threw me out of the house. I once lived in Lake Jackson, Texas before joining the Force.
    Let me introduce myself to you, my names are Sgt Monica Brown, i am assigned to 782nd Brigade Support Battalion, 4th Brigade Combat Team, and 82nd Airborne Division [3].  Myself and four(4) other colleagues of mine made partnership on some diamond deal over here in Afghanistan, and the deal worth $25 Million United States Dollars and after sharing the money among ourselves i realized $5.9 million United States Dollars was my share of the deal, due to my status as a United States Sergeant, i can’t be able to move this huge funds to my account in United States, but with the help of an Indian contact working with the UN here (his office enjoys some immunity) i was able to get the package out to a safe location from trouble spot. He does not know the content of the package, as i have deposited the consignment as a family treasure. I am seeking your kind assistance and cooperation to evacuate the sum of $5,900,000.00 USD (Five Million, Nine Hundred Thousand United States Dollars) if this is possible, I need your assurance that it will be safe in your care until i complete my service here in Afghanistan, then i will come to meet you soon as possible. You may be wondering why i decided to communicate with you on a delicate matter like this, but this is the best way i could at this present situation. Meanwhile, i would have trusted this deal in the possession of my husband who was my closest confidant, but i lost him to cancer on 13th August, 2009. This incident occurred exactly 4 months after we got married, also my only brother ruined his life with hard drugs. Now I am left out with no family member. Oh my God, so painful i am all alone in this wicked world. A decision to talk with you came through my mind that was why i decided to send you this email. Your acceptance to this would really help and encourage me more to send you further information for us to proceed on this deal.
    Please Note: I am willing to offer you 50% of the total sum which is to be evacuated for your assistance. Do not betray my trust and confidence in you. If you wish to proceed with me on this issue, please write back to me with a positive response via my private email: (sgtbmonica14@gmail.com)
     
    Best Regards,
    Sgt Monica “

Anything to say?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s