Spam and Phish Attempt: “Legal Settlement”

Received this phish/virus today in my email. It contained a ZIP file. Scroll down to see the giveaways of this attempt.

Here’s the text:

Dear Agent

Ref. 13 March 2013

Please find enclosed your settlement report for the date indicated above. Please pay the amount due today.

If you have any query, please contact your local Settlement Executive.

Thank you for your co-operation.


Please do not reply to this unnatended e-mail address


Cher Agent

Veuillez trouver ci-joint votre rapport de règlement pour la date indiquée ci-dessus. Veuillez nous remettre le montant du aujourdhui.

Si vous avez besoin de renseignements supplémentaires, appelez votre Administrateur local.

Merci de votre co-opération.

Bien à vous


Apreciable Agente,

Ref. 13 March 2013

Sírvase encontrar adjunto su reporte de cierre de la fecha arriba indicada.

Favor de contactar a su representante de cuentas para cualquier pregunta adicional.


2001-2013 Western Union Holdings, Inc. 

A few points:

  • Lack of Detail (not addressed to me personally, no phone number or postal address, no reference or contact person. What’s a “settlement executive” anyway? That’s not a thing).
  • Crappy “from” address: Trey Mccoy <ourselves57@gmail.com> or Sonya Greene <thinnerq07@gmail.com> (I’ve received 2 of these attempts so far).
  • Misspellings! (the bane of the criminal amateur-mind) “unnatended”
  • Bad grammar. No signature, lack of commas.
  • Three languages = they obviously don’t know me, because anyone who is due a legitimate, law-enforced payment knows their payor and the language that person speaks.
  • Court proceedings, especially ones involving payments, are not conducted by email.
  • Obviously timely as it is playing off the Facebook Settlement email (which was real).
  • Contained an attachment! Legitimate businesses and government offices are well aware of phishing attempts, and go to great lengths to keep their emails looking safe. Part of this effort is to avoid sending any attachments whatsoever.
  • This came to my purplecar.net account, which is not used for anything but this site. I never use it to sign up/sign in to anything. It’s very easy to determine spam/phish attempts when you know the email address is only found on your website.

Assume any email with misspelled words, attachments and lack of details is a phish attempt or virus. Branding, “legit looking” return addresses or links, etc., don’t matter. Legit businesses have your phone number and your mailing address. If they want to get in contact with you, they will.
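The giveaways listed above can also be checked automatically. Here is an added example (not part of the original post) that parses a constructed copy of the message with Python's standard `email` module and reports which giveaways it finds; the freemail list, the risky-extension list, the attachment name `report.zip` and the recipient address are assumptions made for the illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # assumed list
GREETINGS = {"en": r"\bdear agent\b", "fr": r"\bcher agent\b", "es": r"\bapreciable agente\b"}
MISSPELLINGS = {"unnatended"}  # the misspelling seen in the quoted message
RISKY_EXT = (".zip", ".exe", ".scr", ".js")  # assumed list

# Constructed sample modelled on the quoted message; the attachment is dummy bytes.
SAMPLE = """\
From: Trey Mccoy <ourselves57@gmail.com>
To: someone@example.org
Subject: Legal Settlement
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear Agent
Please do not reply to this unnatended e-mail address
Cher Agent
Apreciable Agente,
2001-2013 Western Union Holdings, Inc.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="report.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

def phish_indicators(raw):
    """Return the list of giveaways found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content().lower() if part else ""
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    langs = [k for k, pat in GREETINGS.items() if re.search(pat, body)]
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    checks = [
        ("corporate claim from freemail sender", domain in FREEMAIL and bool(re.search(r"\b(inc|ltd|llc)\b", body))),
        ("generic greeting", bool(langs)),
        ("multiple languages", len(langs) > 1),
        ("misspelling", any(w in body for w in MISSPELLINGS)),
        ("risky attachment", any(n.endswith(RISKY_EXT) for n in names)),
    ]
    return [label for label, hit in checks if hit]
```

The attachment is only inspected by file name and is never decoded or opened.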

Another hint: NEVER OPEN EMAIL WHEN YOU ARE TIRED. Our defenses and decision-making processes are diminished when we are tired or hungry. Email is a business activity, even if the messages are social in nature. Emailing takes thoughtful and careful responses; make sure to have your “street sense” up and running before opening up that Inbox.