Warning: Watch out for "Evacuation process…San Clemente Nucklear Power Station" email

Posted by Michael in Tuesday, April 8th 2008   
Topics: General, Security
Tags: , , , , , , ,
11,342 views
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

Just a quick note. Watch out for an email coming in from various news sources (mine came from “foxnews” and a buddy’s from “google news” that claims there was an issue at the “San Clemente Nucklear Power Station.” This is most obviously a fake, especially if you are not signed up to receive email notifications from news sources. (If you are, best bet it NOT to click on the link but rather to go directly to a news source to look for the story.)

This is what the email said:

Subject: Evacuation process has been started due to radiation leaks at San Clemente Nucklear Power Station.

Message: CNN, San Clemente, CA - Major Problems have been occured at San Clemente Nucklear Power Station - 20-year old circuit breaker fails to close, creating a 4,000-volt arc and fire. Possible radiation leaks on 100miles area. Evacuation process has been started - See current videoclip

Note: I removed the videoclip URL but it looked like this: http:// usa7. admin41. us / news_report.php ? portal = 21bzkwcdyDedsgdjcnwOkhb [I added some spaces within the URL to be sure that you don’t click on it.

There are some obvious red-flags here that show that this is fake:

  • Sender email - look at the domain “admin41.us” - that is NOT Fox News
  • Spelling errors - “Nucklear” - wow, that is a really bad spelling; “occured” - well, that should be “occurred”
  • Grammar errors - “have been occured” - no native English-speaking writer would compose a verb structure like that; “leaks on 100mile” - bad preposition
  • URL - doesn’t point to a news source. Most news stories would have their domain within the link
  • Accuracy - California has nuclear power plants in San Luis Obispo and San Onofre, not San Clemente.

I have not personally clicked through the link (and I don’t recommend that anyone do so). I got a sample from a friend and their URL is a bit different. If anyone knows more about this (or has clicked through the link, post a comment.)

HTD says: Watch out for this one!

Related Post

Spread the word

Bookmark to delicious

Stumble the post

Add to your technorati favourite

Subscribes to this post

Ping THIS!

11 users responded to this post

ninabambina73 said in April 8th, 2008 at 9:49 am    

I clicked because I live in NYC and family in Southern California.Thankfully symantec would not let me run or save.

Michael said in April 8th, 2008 at 9:58 am    

@ninabambina73,

Thanks for the comment. Be sure to spread the word about this. Perhaps you can digg it so that people learn about it. Just a thought.

-HTD

Lisa said in April 8th, 2008 at 2:46 pm    

Thanks for posting this warning. I received this email this morning and was wary of opening it. I used Google to search for the terms and found several blog posts. The first link I clicked on gave me a McAfee Site adviser warning that the site is associated with phishing. Good to see someone getting some good information out there about this!

-Lisa

andy cochrane said in April 8th, 2008 at 3:03 pm    

Found your site while Googling this email (mine came from “NPR”). Figured it was a scam but I live inside that 100 mile radius so I wasn’t about to just delete and ignore. But no major site was covering it so I stuck with my gut instinct that it was spam. But really alarming spam! Isn’t there a law in the US that protects free speech up until the point that it is used to cause a panic? The example I remember is that screaming “FIRE!!” in a crowded movie theater would not be protected speech. Maybe we could sue these spammers???

Michael said in April 8th, 2008 at 3:23 pm    

@Lisa & Andy,

Thanks for the comments. I’m glad that the news is getting out there. I suggest, if you can, to Digg this and/or submit to some of the other social sites out there.

It did catch me but I clicked through on my iPhone knowing that it “probably” wouldn’t get affected.

Digg it!

Thanks,
HTD

John Blackthorne said in April 8th, 2008 at 4:36 pm    

I have experienced the same problem, the link it wants to goto is: http:// worldnews7.serial43.in /news_report.php?agentid=14cyywedeDfjOkhb

It then wants you to download and run the file:
news_report-pdf-contentviewer.exe

Jennifer said in April 8th, 2008 at 4:50 pm    

I received it from CNN - scared the crap out of me! I’ve been searching the news to make sure it was a hoax - figured it was as soon as I noticed the misspellings. But JESUS I screamed out loud when that one came through. My family is in Carlsbad. Good looking out.

MIKE said in April 9th, 2008 at 4:58 am    

timely news, well done all! it looked dodgy and i avoided it like the plaque, thanks guys. When will these guys give up phishin!

Monica said in April 9th, 2008 at 12:17 pm    

I copied and pasted the link and it told me to sign in… so it seems as though its phishing… for your username and password for access to your account.

e_james said in April 10th, 2008 at 7:54 am    

I have received several emails recently on an account which I thought was free from spam. Two refer to San Clemente Nucklear and one to Barack Obama. On another account one refers to Sizewell B Nucklear. The IP addresses indicate that the senders mostly use ISPs in Poland (one in Ukraine). My own google search led me to blogspot posts which seem to have been placed deliberately to be found in such a search. In all cases the objective seems to be for me to view a video clip, which I have not done. Someone out there seems to be trying harder than usual to get my cooperation. Perhaps he should study English spelling and grammar. I would really like to know how he got my email address.

P J Evans said in April 10th, 2008 at 12:26 pm    

The spamtrap where I work caught it yesterday. The subject line was enough to tell me it wasn’eal, but I was curious if the rest was as bad.

Leave Your Comments Below

« Twitter Updates for 2008-04-01
BART Ticket Kiosks Running Windows 2000 Professional? »