Old scam, new twist(s)

One of the nastier scams currently promoted by spam is the 'fake check' scam. The spams associated with this scam are fairly easy to recognize, consisting of a pitch for a 'job opportunity' that involves working as a 'receivables clerk' or 'remote manager'. The list of requirements usually includes a bank account. The spams explain that the need for a bank account is 'so we can pay you', but what they really mean is 'so we can rob you'.

Like other spams, the 'fake check' spams are constantly evolving. The simplest variant consists of a description of the 'job', and an email address to contact for more information. The addresses are typically throwaway addresses at sites such as 'netscape.net'.

A more refined variant involves a link to a website where the potential victim can go to learn about the fictitious company that will supposedly be paying them. Some of the sites are quite crude but there's at least one operation, which I refer to imaginatively as Unknown Scammer 001, that puts together extremely polished websites with multiple pages and superior graphic design (there's some reason to believe that they may be stealing both body copy and graphic elements from other sites). Unknown Scammer 001 is quite technically sophisticated, using a net of zombie PCs to host web and DNS services for their operation. If you do a lookup for the IP address of one of their web sites, you'll typically find that it's being hosted on five or six home or office computers, presumably hijacked. The same machines also run DNS, making it virtually impossible to take them down unless you can convince the registrar - Scammer 001 uses a mysterious registrar called 'servera.info' a lot - to pull the plug.
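
The hosting pattern described above (several web hosts for one site, the same machines answering DNS, addresses that look like home or office lines) can be checked mechanically once the lookups are done. The following is an added example, not code from this post or from any tool it mentions; the thresholds, the reverse-DNS keywords and all sample domains and addresses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumed hints that a reverse-DNS name belongs to a consumer line, not a hosting provider.
RESIDENTIAL_HINT = re.compile(r"(dsl|cable|dhcp|dyn|pool|ppp|dialup)", re.I)
MIN_WEB_HOSTS = 4        # assumed threshold; the post reports five or six hosts
MIN_SHARED_HOSTS = 2     # assumed threshold for web/DNS overlap


@dataclass
class DnsSnapshot:
    domain: str
    web_hosts: dict      # A-record address -> PTR name ("" if none)
    ns_hosts: set        # addresses the domain's name servers resolve to


def assess(snap):
    """Return the reasons a domain matches the zombie-hosted pattern (empty if none)."""
    reasons = []
    if len(snap.web_hosts) >= MIN_WEB_HOSTS:
        reasons.append("many-web-hosts")
    # The same machines serving both the site and its DNS is the strongest signal.
    if len(set(snap.web_hosts) & snap.ns_hosts) >= MIN_SHARED_HOSTS:
        reasons.append("web-hosts-also-serve-dns")
    residential = [ip for ip, ptr in snap.web_hosts.items() if RESIDENTIAL_HINT.search(ptr)]
    if len(residential) * 2 > len(snap.web_hosts):
        reasons.append("mostly-residential-ptr")
    return reasons


# Constructed sample data (documentation address ranges, invented names).
SUSPECT = DnsSnapshot(
    domain="scam-example.test",
    web_hosts={
        "192.0.2.10": "dsl-10.isp-a.example",
        "198.51.100.23": "cable-23.isp-b.example",
        "203.0.113.7": "pool-7.isp-c.example",
        "192.0.2.88": "office-gw.smallbiz.example",
        "198.51.100.140": "dhcp-140.isp-b.example",
    },
    ns_hosts={"192.0.2.10", "203.0.113.7", "198.51.100.140"},
)
ORDINARY = DnsSnapshot(
    domain="shop-example.test",
    web_hosts={"203.0.113.50": "web1.hosting.example"},
    ns_hosts={"203.0.113.200", "203.0.113.201"},
)

if __name__ == "__main__":
    for snap in (SUSPECT, ORDINARY):
        print(snap.domain, assess(snap) or "no match")
```

A domain that trips all three checks is a candidate for a registrar complaint rather than a complaint to any single hosting provider, since no one of the machines is the real host.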

Other players in the same game register domains that are apparently intended to be mistaken for legitimate companies. One scammer - calling himself UPS Mail and claiming to process '13,000 inbound packages a month' - registered the domain 'ups-corp.us', apparently hoping to be mistaken for United Parcel Service. Another has gone further and cloned the website of NuMarkets, an eBay auction and listing store. The cloned site, at 'numarkets.us', differs only slightly from the real NuMarkets site at 'numarkets.com', but the domain is apparently registered to a Yemeni and the name servers for the domain are in Russia. Incidentally, the name server, doclogs.biz, appears to be associated with other fake check and phishing scams.

NuMarkets has not responded to inquiries about this abuse of their name, and the cloned site is still up.

It turns out that the scammers don't even need to make their own websites. A couple of recent spams from 'Victor Levoy' claimed to be sent by a Russian company called Chersa Sport and included a link to the company's website, which is all in Russian. The spam itself is in English and includes a mail address to contact for more information.

The twist here is that Chersa Sport may well be a legitimate company and this is probably their real website. I can't be certain of this because I don't speak or read Russian, but if you think about it you'll see that there's no actual need for the spammer to own that website to make the scam work. The intended victims - who probably don't read Russian either - will go to the website and see that it appears to belong to a thriving and unquestionably Russian company (just as the spammer claimed). If they're taken in, they contact the scammer through the address given in the mail. This is a free address from 'albaha.cc', a site owned by Egyptian free mail provider 'gawab.com' ('gawab.com' addresses are extensively used in the simplest fake check spams, the ones that don't reference a website). The real connection between that address and Chersa Sport is most likely zero.

This is almost inspired. If you're planning to scam someone, why go to the trouble and expense of setting up your own website when you can simply use someone else's as window-dressing? And the spammer's exposure is limited to a single anonymous email account, making it very unlikely that they can be tracked down.

The scammers are constantly refining and changing their tactics, and we certainly haven't seen all the possible variations on this theme. As with all spam, the only real answer is for email users to become more aware so that they won't fall for tricks like this. Unfortunately, the payoff for this scam is large enough that it only takes a few victims to keep the spammers in business, so it's unlikely that fake check scams - and the associated spam - will go away any time soon.
