I recently received an email from a one “Terry Grey” claiming to be someone working at HSBC bank. The name is not important, as it was made up, but right off the bat, one can see the tell-tale sign of a phishing attempt. One thing you may not notice is that even though I received the email, it does not appear to be addressed to me. Instead, it is recorded as being sent To: HSBC BANK ISTANBUL TURKEY. Obviously since I received the email and I’m not “HSBC BANK ISTANBUL TURKEY”, this is an obvious scam email, as a legitimate email would have my name or email address next to the To: field.
Normally, I delete these obvious scam messages as I’m sure a lot of you do. Thanks to the media’s exposure to this epidemic, the common computer user of today is much more aware of the existence of scam artists and their attempts to steal a person’s identity, credit card numbers, passwords, etc. On the day I received this particular scam email, I was too bored to simply delete it and mark it as spam, that was simply not enough. I was tired of the constant barrage of these messages, so this time I decided to have a little fun with this so-called HSBC representative.
Below is a screen shot of the body of the first message sent to me. I highlighted all the obviously questionable parts and underlined spelling/grammatical errors.
This email has so many problems with its legitimacy, it’s ridiculous. This is probably one of the best attempts this particular scammer could come up with at the time of this writing. To think that there were many other messages like this one 3, 4, and even 5+ years ago attempting to con people out of their personal information and actually succeeding! It stuns me to think that someone may actually fall for this glaringly obvious trap. Luckily, thanks to increased awareness, these types of emails are probably not very effective anymore; but the fact that they’re still being sent in such large numbers means that a certain number of people must still be getting suckered by them, and that’s a crying shame.
Anyway, in order to mess with the scammer who sent this to me, I decided to send him something back. Although the experts always say to just delete spam emails and to never, under any circumstances, reply to them; I think they should be more specific and say: Just don’t send any personal information to anybody you don’t know and trust. Well, in this case I wasn’t about to send this guy any more information then he/she already knew about me (which was my email address and first and last name). In case you’re wondering, my first and last name are sent along with any email I send from my Hotmail account, so anybody who receives my email will automatically know who the email is from. This is how this particular scammer knew my name after I sent him a reply.
Now since I know this scammer is juvenile in his knowledge of the English language, I didn’t want to use any big words or say too much in my reply. So I simply replied with a message saying, “Give me all your details…” I just wanted to see what sort of response I would get from that.
The next day, I received an email from the scammer, but this time it wasn’t from Terry Grey, it was from HSBC BANK ISTANBUL TURKEY. This time (surprise) the email was actually addressed to me, which makes it look just slightly more official, but since I already knew this person was a scammer, this didn’t mean anything to me. Reading the email, I couldn’t help but laugh. The font style alone was enough to make this guy look like an idiot (no legitimate official uses all bold text).
Again, there are just so many things wrong with this email, it’s laughable. For starters, the Customer 24/7 Hotline number is different and email is from a different person now. It turns out this Serda Balta guy will be the same guy who replies to me after I continue to mess with this moron. Highlighted are all the questionable wording and requests. Some notable lines include: “clear yourself up with the IRS” and “make it hitch free”–are you serious? Talk about L.O.L. The initial activation fee request was also particularly interesting, since he says it will just be in my account…whatever that means.
Now at this point I was thinking this might actually be some guy in Turkey named Serda Balta, trying to con me out of my money, but most likely it’s some guy in Africa trying to make it sound like it’s some guy in Turkey. An African posing as a Turk…the world never ceases to amaze me.
Oh, and in case you’re wondering what the supposed “Deposit Certificate” looks like, here it is (notice how official and professional it looks). It really is a work of art, don’t you think?
I don’t even have to highlight all the things wrong with this certificate, but I did want to point out one strikingly hilarious feature of this “completely official” document. The portion I circled in red is what I like to call, “unbelievable.” Those of you who use Gmail might recognize it. This guy was so lazy and incompetent that he just took a screenshot of an email sent to him from HSBC and pasted it into this ridiculous certificate without even taking the time to crop out the header portion. This guy is a real class act.
And to top it off, he even sent a separate email at the same time showing off his fancy and oh-so-official-looking ID. Check this thing out:
Aside from the elementary school level-of-detail and polish of this ID, what is one thing you think looks most wrong about this picture? If you said the photo of Serda Balta, then you would be thinking the same as I did. Does this guy look like a “Serda Balta” to you? I suppose anything is possible these days, but the fact is, someone named Serda Balta looking like this guy ain’t bloody likely.
Well anyway, after receiving this email I was absolutely stunned by the audacity of this guy to think that this certificate and ID would pass as legitimate and then to request MY personal information on top of it. So in keeping with my strategy of toning my English down to this guy’s level, I replied back and said: “The picture in the ID does not look like you. To be sure you are not a scammer, please send me your credit card number so that I can verify your validity.” I actually tried to sound like one of them. “Verify your validity”? Who says that? And since when does a credit card number verify your validity? It doesn’t matter, because the fact is this is just one blatant example of something one of these idiotic scammers might say to any one of us. I’m just giving him a dose of his own medicine. Although in hindsight, I realize that they probably all try to scam each other because they don’t care who they send the initial “phish” emails to. They’re simply blasted out to as many addresses as possible, so the reality is, they probably all get each other’s phishing emails…but I digress.
So after sending my second reply, I received the most juvenile response from a scammer yet. Here’s the email I received after I told the guy to “verify his validity”:
The words to note are: “I can’t compromise my job” and “Just to please you.” Oh, I’m sorry…you can’t compromise your job by giving me your credit card number? What about you compromising my identity by asking me to send you my real ID, address, phone number, and whatever else he would’ve eventually wanted. Because you know it wouldn’t have stopped with just an ID, phone number, and address. And “Just to please you.” Oh, again I’m sorry, I thought you wanted to help me by transferring $1.2 million into my account which was apparently “long awaited” (see original email).
Lastly, the most humorous words he wrote, were the last three: “…then forget it.” Kinda’ sounds like a 13-year old telling his friend during a heated argument, “If you don’t like the painting I drew, then you can just FORGET IT!” or “I’m not gonna’ go over to yer’ house an’ spend the night…you can just FORGET IT!”
It really is sad that these people must sink so low to earn a living, stealing from “rich America” as they see it.
Well I knew I wasn’t going to get any farther with this guy so I decided to do a last-ditch hurrah and just try to scare the crap out of him. So I sent him the following reply email:
None of what I said about contacting U.S. authorities and utilizing “the most advanced” satellites is true. Like I said, I just wanted to try and scare the crap out of him. Maybe he read it, maybe he didn’t. If he did read it, hopefully he believed it. How is he to know I’m not affiliated with the government? How is he to know I don’t have access to satellites and know exactly where he lives? The fact is, he doesn’t know for sure, and it’s that fact that makes me hope he constantly looks over his shoulder and worry. Maybe he’ll never send another phishing email again. Of course the reality is, this probably will have no effect, but it was sure fun messing with him regardless.
Wouldn’t you agree?
Leave a comment and share your story of any notable run-ins you had with scammers or phishers, or simply feel free to share your thoughts on the subject. I hope you found this entertaining. Until next time!