I run several high traffic blogs and see all kinds of strange spam. Even someone as experienced as me is almost tricked on occasion.
Today I received an email from Josephine.bergson@lltconsulting.net. This email came through my contact form and was not flagged as spam. The email said that if I clicked on the link in her email I would be taken to a page that would show me the banner that LLT Consulting wanted to display on one of my websites, and that they would pay me anywhere from $450 – $750/mo display this banner.
How to tell this is a scam:
There are many ways to tell that this message is a scam. First of all, they have no idea how much traffic the website is getting. A banner ad on this site was not worth $750. On some of my other sites, they’d be looking at $5,000/mo to get an ad on it.
I fired the link up on one of my Linux boxes. Upon arrival I could see the Java exploit. If you visit this link on a Windows PC that is not up to date you would be infected with some sot of Trojan. Never click on a link a stranger emails you.
If you Google Josephine’s email address you will see that her spam is littering blogs everywhere. Assomeone who used to work in IT removing malware, there is no doubt in my mind that this one single scammer has wreaked havoc on hundreds of machines (or more).
Usually by now you know the message is spam, but, the very curious can do a “who is” request using Who.is. If the domain is new, registered to a funny name, in a foreign country, renewed recently, and does not belong to a legitimate sounding company you can be sure that the email has ill intentions. In this particular case, the domain is registered to someone in Czechoslovakia.
Stay safe, bloggers
Scammers, spammers, and script kiddies target WordPress websites all of the time. Secure your site, keep it backed up, and delete emails that are too god to be true.
- Google “Pure Spam” Penalty Deindexes Sites March 6 2024 - March 12, 2024
- What Happened to ChicagoNow.com? - August 30, 2022
- The December 2021 Google Local Pack Algorithm Update - December 17, 2021
Got the same message from the same person today:
“My name is Josephine Bergson representing the advertising department of the LLT Consulting company. We are interested to place ads (banners), of your choice, on your websites.”
Don’t bother clicking on the links, as Len says it’s malware.
Thanks Ian!
Hey Len, I got the same email. Unfortunately I clicked the link and installed the java. If it is malware, what should I do now? Thanks a lot!
Uh oh, time to get the trojans removed. Go into safe mode, run Malwarebytes and ComboFix – these are free malware removal tools. After you will need to update Java & Flash. Manual removal may be necessary if your browser has been hijacked. That should get you started..
Yeah happened to me. But I opened on phone. Nothing happened
If u go to my blog .. blogsneversleep.co.uk search computer issues. U can download the aware programs there.
Hello, same mail came to my contact mail today, offering me up to $950.00/month. I did click on link of that llt consulting company but nothing happened. I’ll run my antivirus to check if i picked up anythings. Anyway, thanks for this blog/site. very useful information.
Czechoslovakia ceased as a country in 2003
I don’t think so:-)
Actually, it was in 1993, when it split into the Czech Republic and Slovakia, which are two independent countries.
Hello,
Direct mails like these almost always get deleted as they are 99% always spam even though they can sneak through the filters sometimes. I was gonna click the link in a sandbox just to see what they’re doing over there but decided against it and googled the name and came here instead.
Thanks for doing the Linux legwork and this warning!
Unfortunately this isn’t the #1 spot on google but it’s on the first page!
If you’d like to get it to the #1 spot for Google then consider our service for only $821,750 a month… Just kidding!!
Thanks for posting a warning for others!
Have a great day
March 10, 2015, I received the email yet again, this time on a client site. It reads:
Sender’s name: Josephine Bergson
E-mail: josephine.bergson @lltconsulting.net
Phone: 420498606201
Message: Hello!
My name is Josephine Bergson representing the advertising department of the LLT Consulting company. We are interested to place ads (banners), of your choice, on your websites.
Design and sizes can be seen on our website at lltconsulting .net/***********/
Depending on the banner size you choose we can pay up to $950.00/month.
If you are interested to become an advertising partner please let me hear from you.
Kind Regards,
Josephine Bergson
josephine.bergson @lltconsulting.net
Got the same email today, I tried to run the java applet with icedtea web (linux mint), but since I’ve set it to not allow disk reads, disk writes.. the applet does nothing. I’m wondering what the applet does (or can do if running free on a windows pc), that’s really what I’m curious about, does it have access to the browser data/passwords/history? to the computer files?
No idea. I have been assuming it just installs some crummy malware. Someone should test it!
I also just received an email from this same guy. I didn’t trust the email in the first place. The subject line also looks suspicious “FIY”. Just out of curiosity, I Googled his name and website and came across your post. Thank you for the post.
Thank you for the good word Len. I should have known better and searched, but I did indeed click the link as well. You mentioned danger for Windows PCs, but do you foresee any damage to Macs?
I am a bit OSX ignorant, but, apparently it DOES affect Mac/OSX as well. I got an email yesterday from someone who told me that he found the application and deleted it. He said that it didn’t seem to be doing any bad things to his computer, but just to be safe he ran a scan with a Mac specific program and deleted 2 suspicious “things”.
I have seen so may Windows infections I assumed it just affected MS products.
I received the same email and was surprised cos our Real estate website isn’t up to a year but fortunately for me I always open strange links on my blackberry or mobile device so I was unaffected. I couldn’t even view the website.
My name is Josephine Bergson representing the advertising department of the LLT Consulting company. We are interested to place ads (banners), of your choice, on your websites.
Design and sizes can be seen on our website at www. lltconsulting .net/id_ukgjj5gu/
Depending on the banner size you choose we can pay up to $950.00/month.
If you are interested to become an advertising partner please let me hear from you.
Kind Regards,
Josephine Bergson
josephine.bergson @lltconsulting .net
I was sent the same email on 3-18-15. The scammers don’t even have a website for mobile viewers. lol. Thank you for posting this!
Got this mail today. Tried to see it on mobile and failled. Then I opened it in chrome and page loads, but it didn’t ask me any java applet or script to install. I’m using Windows 8.1 and Kaspersky Interset Security. I don’t think I got infected.
Thanks.
Thank you for this information shared. I received the same email from the same scammed.
I also opened it on my phone and it said the site was not optimized for a phone and then directed me to go to the link on my computer.
Thanks for posting the heads-up and confirming that this was another exploit attempt. They contacted us through a form on our website (seriously, putting out the effort).
Hi Len,
I rec this email as below too. Glad 2 know from u, tat its a scam. Thx u very much, Len.
My name is Josephine Bergson representing the advertising department of the LLT Consulting company. We are interested to place ads (banners), of your choice, on your websites.
I got the same email today. I’m happy about this first. But I know this is scam. The main reason I though this is scam are “java applet” and unreasonable price for banner
Thank You!
It was too good to be true ….
Stay alert.
Thanks. Received the posting from our web site form. We are a low traffic specialized service and this did not seem right. First we looked up the international phone code and got the Czech Republic. Some are getting a phone number that begins 43, the message we received had a phone number that started with a 42. Then we Googled (do any of you remember Barney Google — never thought I’d use his name as a verb?) and got this post and others about the possible scam. Thanks for all clarifying contributions.
If it sounds too good to be true, it usually is.
I also received the email from my contact page and figured it was spam right away. Thank you for the article and confirming my suspicions.
I also received an email from them today. I thought to mail them back:
“Dear,
Thank you for contacting us. I’m very interested in your offer. I will download the banner add and I’ll put in on the website. You may transfer the money to my Paypal address: stop@scammingpeople.com
Best Regards,
Jordy”
Thank you…
It happened to me…
Regards,
Cinta
I also got the same mail and clicked on download java. but didn’t run it. will it be effective?
Just received the same email today. It was the bad grammar that alerted me to a potential scam – one of the many times my English major has come in handy.
Omg, I received the same email this afternoon :(( and I didn’t do a checking but immediately downloaded Java and run it in Chrome. What will be the risk? What should I do now?
Thank you so much for sharing. Next time I will be careful.
Regards,
Yaffa
Len,
Thanks a million for your warning. I got that email too and went to her website. I saw the Download Java box and figured it was a scam, so I killed the webpage.
Question: Is my PC in danger? I visited the webpage and looked at it for a few seconds, but didn’t click on the download. I just ran a quick Norton scan; nothing serious found, but I’m wondering if I need to run Malwarebytes too.
Biting fingernails,
Luke
Sounds like you should be fine. 🙂
I got this one too .. but it was for a beta site I was developing that I’d recently opened up. So you want a banner add on a dev site that has zero traffic? yeah right.. Thanks for posting this so folk know it’s a scam
Wow, I got this email about 10mins ago. But my information security knowledge and skill was handy. I did not attempt to click the link. I did not even copy and paste the link but went straight to do some basic check that anyone can do.
initially I thought it was a contact of mine that places ads on one of my high traffic sites. But because the other site is not in my real name.
Stay safe pals.
Gossiping about me, dear friends?
Ha, it’s a joke 🙂
I found the same letter with a proposal to place a banner on the site, which is still being developed. Of course I did not believe this letter and Google confirmed my fears.
Len, thanks for posting.
Hey Len. Thanks for posting this warning. I also got the same offer today. They contacted me through a form on my website offering me up to $950.00/month. I didn’t click the link to install the java but I did click the link that took me there. Any chance I got infected (?) I have a Mac/OSX. Thanks.
“Sounds like you should be fine :)” I got my answer… Thanks
Helpful .. thanks. Got the same mail.
I received this too, your article was very useful for me to avoid wasting time and avoiding damages and unpleasant things. Thanks!
this happened to me today..it sound to good to be true.
$950/month for a little traffic website??
must be joke of the day!
thanks len for your helpful article.