SEO is both an important part of running a website and a magnet for unscrupulous individuals and businesses trying to make a fast buck.

We get lots of calls from clients who have received emails from people claiming to be SEO experts. These emails state that the client's website is riddled with errors and that they can help correct these problems and improve search rankings.

Here is a copy of one such email I received:


My name is Anil kumar, and I am Online Marketing Manager at a leading Digital marketing company/SEO and Web Designing Company.

I was analyzing your site and it seems that some of your website rankings have dropped. It is due to non optimized techniques/errors

And Google guidelines not being followed properly. As you know that Google’s crawler is software and work on coding basis only.

That’s why site coding portion should be strong for better results.

I would like to present a detailed analysis of your website along with errors that your website and ways to improve your Google rankings.

It would be a detailed report and would be explained as well on phone once we send this over to you.

Please let me know if we can discuss this.

Anil kumar
Online Marketing Manager

Now, improving your rankings is important. It is something that you should be looking at. However, these emails are problematic for a number of reasons:

  1. Despite stating they have analyzed the website, I expect that in 99% of cases this is not true.
  2. These are untargeted spam emails.
  3. Their skill level is unknown, with no website for reference and only a Gmail address for email.
  4. In some cases the lack of skill in writing emails in English may cause concern if your website is in English.

All in all, you are better off talking with your current web designer about SEO and how they can help you. They know your website, know what has been done in the past and are in the best position to either help you out or give advice on how you could get expert help for this.

Don’t fall prey to the SEO scammers.

Trustwave Vulnerability Scan Scam

This one is potentially a better attempt at a phishing scam than most.

Supposedly from TrustWave, it tells of a failed vulnerability scan on my network and to view the results online.

Visiting this site potentially loads malware, or tries phishing techniques to get access to your systems.

One interesting aspect of this is it predicts IP ranges that will attempt to access your network, which makes me lean toward a malware attack.

This is an automated email message to prevent you that the scheduled TrustKeeper vulnerability scan of YOUR NETWORK SYSTEMS has completed and is not compliant.

IMPORTANT: During the scan, TrustKeeper Discovered several Unsecure systems. Trustwave strongly recommends you review these findings as your overall PCI DSS compliance status may be affected.

TrustKeeper generated a vulnerability scan report. You may view these results by accessing TrustKeeper at:

You will receive an e-mail confirmation when the scan completes and your results are available. Please note that this can take up to three days.

Note: If you monitor your network for activity, note that the TrustKeeper scan may originate from IP addresses in these ranges:

TrustKeeper is a certified remote assessment and compliance solution created by Trustwave and designed to help merchants meet the PCI DSS and achieve compliance with the associated programs of Visa®, MasterCard®, American Express®, Discover®, and other credit card associations. The TrustKeeper solution is an integrated easy-to-use tool that removes the challenge of navigating the complex PCI DSS requirements and provides a “one stop shop” for merchants to certify compliance.


This mail is sent by an automated message system and the reply will not be received. Thank you for using TrustKeeper.
This email was sent to:
This email was sent by: Trustwave
80 West Madison Street, Suite 1080, Chicago, IL, 60408, USA

We respect your right to privacy – view our policy

So a new attack method, using fear to cause people to click the link and open themselves up for the real attack.

New Scam email from ADP Netsecure

A new scam arrived today, this time about a Digital Certificate. A client also had the same email (2 actually) so it must be a wave going around.

It is purportedly from ADP, a payroll system, but includes links to obviously hacked sites for phishing.

They are looking for ADP logins, to then access personal information of companies' employees.

Here are the two emails:

Subject: ADP Generated Message: First Notice – Digital Certificate Expiration

This e-mail has been sent from an automated system. PLEASE DO NOT REPLY. If you have any questions, please contact your administrator for assistance.

Digital Certificate About to Expire
The digital certificate you use to access ADP’s Internet services is about to expire. If you do not renew your certificate by the expiration date below, you will not be able to access ADP’s Internet services.

Days left before expiration: 2
Expiration date: Jul 11 23:59:59 GMT-03:59 2012

Renewing Your Digital Certificate
1. Go to this URL:

2. Follow the instructions on the screen.

3. Also you can download new digital certificate at

Deleting Your Old Digital Certificate
After you renew your digital certificate, be sure to delete the old certificate. Follow the instructions at the end of the renewal process.




Subject: ADP Security Management Update

ADP Security Management Update

Reference ID: 68760

Dear ADP Client July 2012

This message is to inform you of the upcoming “Phase 2” enhancement to ADP Security Management (formally ADP Netsecure). This is where you manage your users’ access to ADP’s Internet services, and includes the self-service registration process.

Effective July 25th, ADP Security Management will reflect a new user interface. This will include tasks such as Account Maintenance, User Maintenance, and Company Maintenance within Security Management.

Please review the following information:

• Click {link} to view more details of the enhancements in Phase 2

• Complete the What’s New in Security Management Service {link} (Expected to take about 15 minutes)

• View the Supported Browsers and Operating Systems, listed. {link} These are updated to reflect more current versions to ensure proper presentation of the updated user interface. It is important to note that the new ADP Security Management is best accessed using Microsoft Internet Explorer Version 8 or Mozilla Firefox Version 3.6, at minimum.

This email was sent to active users in your company that access ADP Netsecure with a security role of “security master” or “security admin”. You may have other users that also access ADP Netsecure with other security roles. Please inform those users of these enhancements, noting that the above resources will have some functionality that does not apply to their role.

As always, thank you for choosing ADP as your business partner! If you have any questions, please contact your ADP Technical Support organization.


It is important to look at the status bar at the bottom of your email client, as this will display the underlying link that you would be taken to if you click it. If it looks in any way suspicious, do not click the link.

Twitter DM Spam / Virus / Phishing

Whoops, it’s a good thing this was not one of those dodgy sites!


Please, please please do not click on those “OMG see what someone is writing about you” kind of tweets. Or you will be hacked and your account will be used to send horrible stuff to all of your friends.


Yours sincerely,

The Twitterverse (The good ones anyway)


PS: If you got here by clicking on the link in a tweet, retweet it, so we can warn more people 🙂

IRD Refund…Oh Goody

Sorry, it’s another phishing attempt, this time pretending to be from the NZ IRD (Inland Revenue Department).

Here is the email:


Subject Due to our latest update you are eligible for a refund

Dear Sir/Madam,

You are receiving this e-mail with reference to our latest database update on February 5, 2012.

Due to our most up-to-date calculations, Inland Revenue updated his database system to a more accurate structure. As a result, you are eligible to get a refund of 184,56 $NZD.

Please download IR3-e-file_FORM-759784123157 attached to this e-mail, complete the form with your personal information in less than 48 hours and allow up to 24 hours to update the data into our database.

Your records are securely encrypted through a secure 128 bit socket to our servers and will NOT be shared.

Reference number: 76178256192/2012nzr.

E-mail officially sent by Ross Hughson.

Inland Revenue – IR3_e-file refund form . html


As you can see, it is “from” an IRD email address, to make it look more legitimate. It also gives a real-sounding name and a reference number.

What could go wrong?

Well the HTML file that is attached will be the bit that bites. It will either redirect you to a phishing website or gather your data then and there and report it back.

Don’t open these kinds of things. If in doubt, give them a ring.
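The two behaviours described above (redirecting, or collecting data and sending it off) can be checked by reading the attachment as plain text instead of opening it in a browser. This is an added example, not part of the original post; the sample attachments and the hosts `collector.example` and `phish.example` are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AttachmentTriage(HTMLParser):
    """Record where an HTML attachment would send the reader or their data."""
    def __init__(self):
        super().__init__()
        self.form_targets, self.redirects, self.fields = [], [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_targets.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "text").lower() not in ("hidden", "submit"):
            self.fields.append(a.get("name", ""))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/page"
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.redirects.append(m.group(1).strip())

def hosts(urls):
    """Unique remote hosts among the URLs (relative URLs have none)."""
    return sorted({h for h in (urlsplit(u).hostname for u in urls) if h})

def triage(html):
    """Read the file as text only; nothing is rendered or fetched."""
    parser = AttachmentTriage()
    parser.feed(html)
    # Script-driven redirects such as window.location = "http://..."
    scripted = re.findall(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)", html)
    return {
        "posts_to": hosts(parser.form_targets),
        "redirects_to": hosts(parser.redirects + scripted),
        "asks_for": parser.fields,
    }

# Constructed sample attachment; collector.example is a placeholder host.
SAMPLE_ATTACHMENT = """<html><body>
<form method="post" action="http://collector.example/refund/save.php">
<input name="full_name"><input name="card_number">
<input type="password" name="online_banking_password">
<input type="submit" value="Claim refund">
</form></body></html>"""

# Constructed sample of the other behaviour: an immediate redirect.
SAMPLE_REDIRECT = '<meta http-equiv="refresh" content="0; url=http://phish.example/ird/">'
```

A "refund form" that posts card or banking details to a host unrelated to the claimed sender, or that redirects the moment it opens, matches the behaviour described above.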



New Scam – Better Business Bureau

The Better Business Bureau is the latest “trusted source” to be impersonated in email phishing attempts. The BBB are not actually doing anything wrong; the spammers have chosen them as the face of their campaign because of their trustworthiness and, in this case, the concern you feel when you get an email from them saying something is wrong.

With this latest email (I received 2 today, even though I am not in the US) they use the threat of a complaint against your company to get you to click on a link in the email.

Here is a copy of the email:

RE: Case # 18558568


The Better Business Bureau has been filed the above-referenced complaint from one of your clients on the subject of their dealings with you.
The detailed information about the consumer’s concern is presented in enclosed document.
Please give attention to this matter and let us know about your opinion.
We encourage you to open the ATTACHED REPORT to reply this complaint.

We look forward to your prompt response.

Sincerely yours,

Louis Gerald

Dispute Counselor
Better Business Bureau

So again, it is a case of being careful when something like this appears in your mailbox. Don’t panic and click the link to see what the issue is. If in doubt, hover over the link and the status bar of your email program will show you the real link that it will take you to.

If it looks in any way suspicious, leave it alone.

Malware/Phishing Attempt About declined Payment

I have received an email saying that a payment has been declined. As with many of these things, I have nothing to do with the service or vendor concerned, and so I automatically think it is a scam.

In this instance it appears to be a phishing scam that tries to trick you into clicking on an apparent document link that takes you to a webpage.

Other known reports of this (here) talk of zip files being delivered to entice people to run the included .exe file (similar to the UPS scams).

This appears to be a bit cleverer, as it takes you to a website rather than the hassle of unzipping and running the executable.

The organisation mentioned does not send out these emails and so you can delete with impunity.

Here is the message:

The ACH transaction (ID: 5061740263570), recently sent from your bank account (by you or any other person), was canceled by the other financial institution.

Canceled transaction

Transaction ID: 5061740263570
Reason for rejection See details in the report below
Transaction Report report_5061740263570.doc (Microsoft Word Document)

ANZ Bank Phishing Target Again

These phishing attempts are usually found by my virus scanner, but this one got through.

Anz Bank

We’d like to inform you that your Secure Messages Center has 1 new message.

Please login to your Online Banking and visit the Secure Message Center section in order to
read the message.

Log On to Online Banking.

(The Message Center contains only important information about your account and online banking.)

Copyright Australia and New Zealand Banking Group Limited ABN 11 005 357 522, 1996-2011.
ANZ’s colour blue is a trade mark of ANZ.


The log on link goes to http:// nogueirametalurgica . com . br/www . anz . com/index . php

This is a typical ploy where they hide the link to a hacked website. Here they have placed a site that looks the same as the target (This time ANZ) and hope that you do not look at the link that appears in the URL section of your browser.

Whenever you get a dodgy email, you can often just hover over the link in the email, and the email program will show you the link that you will be taken to.

If it is anything like this, then stay away.
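The hover check recommended here (and in the ADP and Better Business Bureau posts above) can also be done mechanically over an email's HTML body. This is an added example, not part of the original post: `EXPECTED_DOMAINS` is an assumed list of domains you really deal with, and `hacked-site.example` is a constructed placeholder that mirrors the shape of the link above, with the bank's name in the path of somebody else's site.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: the domains you really deal with (anz.com is this post's example).
EXPECTED_DOMAINS = {"anz.com"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def on_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def check_link(text, href):
    """Return reasons to distrust a link; an empty list means none found."""
    host = (urlsplit(href).hostname or "").lower()
    reasons = []
    for domain in EXPECTED_DOMAINS:
        # Brand name somewhere in the URL, but the host is someone else's.
        if domain in href.lower() and not on_domain(host, domain):
            reasons.append(f"{domain} is in the URL but the host is {host}")
    # Link text that is itself a web address pointing somewhere else.
    if text and " " not in text and "." in text:
        shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
        shown = shown.lower().removeprefix("www.")
        if shown and not on_domain(host, shown):
            reasons.append(f"text shows {shown} but the link goes to {host}")
    return reasons

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(h, why) for t, h in collector.links if (why := check_link(t, h))]

# Constructed sample body; hacked-site.example stands in for the hacked host.
SAMPLE = """<a href="http://hacked-site.example/www.anz.com/index.php">Log On to Online Banking.</a>
<a href="https://www.anz.com/">www.anz.com</a>
<a href="http://hacked-site.example/login.php">www.anz.com</a>"""
```

`scan_email(SAMPLE)` flags the first and third links and passes the genuine one in the middle.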

Chinese Domain Name Scam Update

I have had a number of enquiries from clients, checking to see if these emails are legitimate or not.

However, I have just received one directly and have noticed that although the scam is the same, the wording and formatting are a bit better, more convincing.

Here is the transcript:

Dear Manager,

(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)

This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China and Asia.
On October 17th 2011, We received Tianhua Ltd’s application that they are registering the name ” yourdomain ” as their Internet Keyword and ” yourdomain .cn “?” yourdomain ” ?”yourdomain .asia “domain names etc.., they are China and ASIA domain names. But after auditing we found the brand name been used by your company. As the domain name registrar in China, it is our duty to notice you, so we are sending you this email to check. According to the principle in China, your company is the owner of the trademark, In our auditing time we can keep the domain names safe for you firstly, but our audit period is limited, if you object the third party application these domain names and need to protect the brand in china and Asia by yourself, please let the responsible officer contact us as soon as possible. Thank you!

Best Regards,

General Manager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 136615 29704
Fax: +86 216191 8697

So you can see that the construction of the email is much more professional, but it is still not quite perfect.

Again, the point of these emails is to scare people into thinking that their domain name is going to be registered by a Chinese company. All they want is to get you to register the domain name through them (often at an inflated price).

Don’t worry, I have not seen one of these be real yet.

Accommodation Scam Email from “Cowell Travel & Tours”

Another accommodation scam email, this time done a little better.

Rather than the all capitals, poor grammar and spelling of previous emails, this one reads better and so is harder to spot.

However, the key ingredients are the same:

  • Doesn’t match the products on offer (Asking for 7 people, when only 6 available)
  • Insists on credit card as only payment method
  • Urgency
  • Not an enquiry, but a straight booking

Here is the copy of the email:


I am Mr. Simon Cowell, I am writing from the Cowell Travel & Tours, Liverpool England, we have group of 7 people coming to spend their vacation in your country for 10 days. With due respect, we will like you to provide accommodation and breakfast for 7 of them for the whole period of their stay.

Let me know your room’s types and cost per night so that reservation will be made on time.

Our Arrival Date is 20th September 2011; Our Departure date is 30th September 2011.

Number of People: 7. all adult.

Kindly Confirm if you will have availability during these dates so as to proceed with the booking.

I will be appreciating your urgent response, I hope you accept credit card as means of payment, because I will be making the payment with my credit card only.


Mr. Simon Cowell
Cowell Travel & Tours
Adlib House, Fleming Road,
Liverpool, Merseyside, L24 9LS

Tel: (+44) 703 182 0750