I intended to craft a detailed explanation of how I determined that a couple of strange emails were nothing but spam, albeit with a somewhat novel (to me, at least) twist. But the details of examining email headers and running traceroute against seemingly U.S.-based domain names and finding they are hosted in France proved too monotonous to document step-by-step.
So I’ll make it brief, for my own reference if nothing else. If you got an email appearing to have come from something like BravoTV.com or JeffJensenPhotos.com thanking you for purchases you never made, you can safely delete and ignore it. No one has stolen your credit card info or hacked into your email.
The reason I found these emails mildly intriguing was that they didn’t look like most spam. I do not get much spam these days, I’m happy to say, but fraudulent and phishing emails virtually always have some signature telltale sign belying their authenticity, usually in the way of poor grammar or spelling.
Such emails are also usually littered with URLs to sketchy-looking domains like ghjkageyudtoyu.biz or any of the ever-expanding universe of top-level domains that might soon turn any two words with a dot between them into a fully-qualified domain. These emails I received had no links to any websites, and no embedded images or hidden HTML tags, the latter of which further characterize fraudulent email.
The English, while not obviously horrible, was just weird enough to suggest this was spam. A look at the full email headers revealed that the message that appeared to be from BravoTV.com actually originated from a data center in France, through the domain name idaholandauction.biz; the one that looked like it came from JeffJensenPhotos.com originated from the United Kingdom.
IT’S ALL ABOUT THE PHONE NUMBERS
The only contact mechanisms in these emails that appeared to be functional were the phone numbers. One email suggests that if you have questions about being charged for BravoTelevision you can call them at 814-351-9579. Don’t do it. The JeffJensenPhotos.com email invited you to call 469-646-0884 with any questions about your fictional purchase of a bunch of laminating pouches and ink cartridges. Don’t do that, either.
The goal of these emails seems to be phone number harvesting. These are most likely attempts to get phone numbers of those gullible enough to respond to these emails and exploit that gullibility in some way. By getting you to contact them, they would have successfully exploited a loophole in the Do Not Call Registry, which allows them to call you all they want if you contact them with an inquiry. From the FTC website:
If you make an inquiry or submit an application to a company, it can call you for three months afterward.
Getting you to call them first is the bait. Don’t bite.
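The header check and the phone-number observation described above, combined into one triage function. This is an added example, not the author's own tooling: the message is constructed (only the two domain names come from the post), and the `from helo (rdns [ip])` Received layout it parses is an assumption about the receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the real message. Only the two domain names come from
# the post; addresses, hosts, IPs (documentation ranges) and phone number are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:02 +0000
Received: from idaholandauction.biz (idaholandauction.biz [198.51.100.7])
\tby mx.recipient.example with ESMTP; Mon, 01 Jan 2024 10:00:01 +0000
From: "Bravo Television" <billing@bravotv.com>
To: you@recipient.example
Subject: Thank you for your purchase

Thank you for order. For questions on your charge call 208-555-0142.
"""

URL_RE = re.compile(r"https?://|www\.", re.I)
PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")
# Name the receiving server resolved for the connecting IP, not the HELO string.
HOP_RE = re.compile(r"\s*from\s+\S+\s+\(([^\s\[\]()]+)\s*\[")

def org_domain(host):
    # Simplification: keep the last two labels. Real code should consult the
    # Public Suffix List so that names like example.co.uk are handled.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    # Each relay prepends its Received header, so the last one is the earliest hop.
    # Trust only hops stamped by your own servers; anything older can be forged.
    hops = msg.get_all("Received") or []
    m = HOP_RE.match(hops[-1]) if hops else None
    relay_dom = org_domain(m.group(1)) if m else None
    body = msg.get_payload()
    body = body if isinstance(body, str) else ""  # multipart is not handled here
    return {"from_domain": from_dom, "first_relay_domain": relay_dom,
            "origin_mismatch": relay_dom is not None and relay_dom != from_dom,
            "has_links": bool(URL_RE.search(body)),
            "phones": PHONE_RE.findall(body)}

def phone_only_lure(r):
    # A mismatch alone is common for legitimate bulk senders; the combination
    # (mismatch, no links, a phone number to call) is the signal.
    return r["origin_mismatch"] and not r["has_links"] and bool(r["phones"])

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result, phone_only_lure(result))
```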