Online Scams in France: Making Grand Larceny Grandiose

What Perils Doth the In-Box Hold?

November 11, 2015By David JaggardC'est Ironique!
ParisUpdate-E-mail-Inbox
“Egad, Holmes!” the good doctor cried. “You mean to say that if some hapless victim so much as double-clicks the attachment, this archfiend can deduce his address, birthdate and social security number?”

France in general, and Paris in particular, have long been known as paragons of style and elegance: chic fashions, stately architecture, refined cuisine, debonair poodle trims… And now we even have a high-class e-mail scam.

These days malicious spam is a fact of life, of course, but I remember when I received my first ill-intentioned e-mail back in the 1990s. About a week after opening an account, I got a solicitation for the advance-fee scheme that used to be called the “Nigerian Bank Scam” but that should now be called the “Every Country on Earth Bank Scam.”

The experience was, in a strange way, awe-inspiring. I had heard of the swindle but never actually seen concrete evidence of it. It was like crossing paths with a minor, and sleazy, celebrity. Dominique Strauss-Kahn, maybe. Or Tiny Tim.

Over the subsequent months and years, like everyone else who has ever sat in front of a computer, I was subjected to a steady barrage of bald-faced cons. Not only was I chosen to help a former Third World government (or military, or bank, or church) official transfer 10 (or five, or 12, or two) million dollars out of the country, but I also had somehow won a lottery that I never entered, been selected for a dream vacation in Disney World, had my computer infected by a nonexistent virus and would lose my PayPal account unless I sent my password to someone whose e-mail address might as well have been liar@burningtrousers.org.

Oh, and thousands of Russian and Thai women had fallen in love with me sight-unseen. Which was apparently why I needed massive doses of erectile dysfunction meds.

But none of those messages looked real. Besides having preposterous premises, they were always full of spelling and grammar mistakes. (Note to spammers: there’s this amazing new-fangled thing called “spell check.” You should try it sometime!)

Then, earlier this year, I started receiving messages like this one:

ParisUpdate-PhishingSpamMessage

It says:

“Barring error or omission on our part, a verification of your account in our records reveals a balance in our favor corresponding to the attached invoices. We would be grateful if you could remit this sum immediately upon reception of the present statement.

“If, however, there be any misunderstanding concerning this reminder, we ask that you enter into contact with our offices in view of finding a solution that will be in our common best interest.

“Confident of your understanding, we beseech you to accept, Madame, our distinguished salutations.”

The tone is so punctiliously formal that just reading it is like Viagra for the pinkies, and the French, at least according to me and the Microsoft Word “Tools” menu, is impeccable. Not only that, but the pretext is perfectly plausible. It’s exactly the kind of message I would expect to receive if I owed money to a French company.

But, even ignoring the fact that I’m not a “Madame” (or not yet, anyway), there are several things wrong here: I have never heard of the company in question, I sure as the-Métro-during-a-transit-strike don’t owe them any money, and, most tellingly, none of these e-mails come from within France.

Some give the name of a real French company with a real postal address, I suppose copied from the Yellow Pages, but the sender addresses are in Canada, the Netherlands, Taiwan, Romania, Cambodia, etc., etc. A lot of different countries, including some where you can get a decent croissant, but never France.

And, as implied by the example quoted above, all of the messages come with an attached Word file. Or perhaps an attached “Word” file.

As any kindergartener can tell you, there are four basic rules for avoiding big trouble in life:

1) Look both ways before crossing the street,

2) Don’t take candy from strangers,

3) In the name of all things holy Do! Not!! Ever!!! click on an attached file unless you know what it is.

4) If you have to choose between 2 and 3, take the candy.

Naturally, being a sensible person with a hard disk to protect, I deleted the messages without bringing my cursor anywhere near the attachments. Until last weekend, when, being a reckless person with a humor column to write, I decided to open one and see if it really was a bogus bill or some kind of malware.

Don’t worry — I’m still sensible! Here’s what I did:

After copying a few of the dubious “.doc” files onto a flash drive, I hooked up (offline) an old Mac that I never use any more. I figured that even if the file turned my hard disk into a ferromagnetic beer mat, it wouldn’t be a big loss, and without an Internet connection it couldn’t raid the computer for ID theft information or turn it into a remote-controlled kiddie porn mill.

When everything was ready, I braced myself, took a deep breath, strapped on protective goggles and used a 10-foot pole to click on one of the files. And… And… And… And…

And it opened in Word and displayed the following message: “An error occurred while preparing to display the contents. Please enable macros in order to correctly view the contents of the document.”

For those who don’t get the gist, here’s what the wise voices on Wikihow have to say about enabling macros in Word:

“‘Enable all macros’ is not recommended. Potentially dangerous code can run.”

In other words, complying with the file’s instructions is foolish — almost as foolish as checking a box that legally certifies your acceptance of terms and conditions that you haven’t even read. And what kind of idiot would ever do that?

So, yeah, it was some kind of hostile hack-attack. [Note: everything in this article up to here is true.]

But gee. Since the e-mail was so nicely formal and the error message said “Please,” I enabled macros anyway to see what would happen.

Next thing I knew, the individual dots of color on the screen started multiplying and separating until the message was no longer legible. Then they swirled toward the center of the screen, forming a whirling vortex that slowly took on the shape of a fiery-eyed demon who then emerged from the screen in three-dimensional form like that creepy woman in The Ring, clamped onto my face like that even creepier octopus-ish thing in Alien, crawled through my ears and nostrils into my brain and made me write this:

As it turned out there was absolutely nothing to worry about. Also, I really did owe that company money. So I mailed them a check, adding 10 percent for damages and interest, and then drained my bank account and sent all remaining funds to my new lord and master, satan@hell.gov.

In conclusion, if you ever receive one of those messages, take my advice: click on the file right away! You won’t regret it!

Look at me: since doing it, I’ve won the lottery, discovered the secret to earning thousands of $$$ per week at home and invested in multiple stocks just before they went through the roof. As I write this I’m on vacation in Disney World surrounded by beautiful Thai and Russian women. And keeping my pinky up.

 

© 2015 Paris Update

Favorite

An album of David Jaggard’s comic compositions is now available for streaming on Spotify and Apple Music, for purchase (whole or track by track) on iTunes and Amazon, and on every other music downloading service in the known universe, under the title “Totally Unrelated.”

Note to readers: David Jaggard’s e-book Quorum of One: Satire 1998-2011 is available from Amazon as well as iTunes, iBookstore, Nook, Reader Store, Kobo, Copia and many other distributors.

Follow C’est Ironique on Facebook and Twitter.

What do you think? Send a comment:

Your comment is subject to editing. Your email address will not be published. Required fields are marked *

Subscribe for free!

The Paris Update newsletter will arrive in your inbox every Wednesday, full of the latest Paris news, reviews and insider tips.