Refresher or how to spot a “Bronze Package” scam

Hello and good day.  With the new year we will be presented with new twists to cyber thieves attempts to steal our credentials. 

Recently I wrote an article about the cybercriminal marketplace.  Check it out at Cybercrime Marketing: Why your Business is their Focus. Here is an update with a new example to share with friends, colleagues and others. This new example is a case of what I call a “Bronze Package” scam which I would define as a mid- to low-level scam purchase or implementation. (Think of this as “Scam-as-a-Service”, which you can buy.) A bronze package is relatively easy to spot if you know what you are looking for, so let’s take a closer look. 

The following email appeared in my inbox.


You know the first clue is the from the email address and that it is obviously fake. (note the .ch is the country code for Switzerland).

Now my interest was piqued by the attachment. Note An EML file is an email message saved by an email application, such as Microsoft Outlook or Apple Mail. It contains the content of the message, along with the subject, sender, recipient(s), and date of the message. EML files may also store one or more email attachments, which are files sent with the message. So, I decided to use my sandbox to open the attachment. Note A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run.

Here is what was in the .eml

Now I have even more proof that this is scam because nothing in the original message matches. 

Additionally, or can you see these clues?

  • Notification| Payment is not an email address.
  • No one sends emails to “you.”
  • The date is from last year 2023.
  • Who is Goodearth-inc?
  • Why is it Goodearth-inc and not Goodearth Inc?

Of course, you see all of these clues. The final step, for me, was to actually click on the link and it was rather interesting.

First off, I got to see this page:

More “scammy” looking as evidenced by the URL. 

After a few seconds I was presented with the following page:

Bingo.  Another faked Microsoft login page for me to give away my credentials.

While I know all of this is not new to many people, there is good reason to refresh your memory as the criminals only need to be successful once…and we need to be safe all the time. 

I hope reviewing this example is instructive in helping you spot a scam. While I had a relatively “safe” environment (my sandbox) to use to open the attachment, I would caution you to never open attachments of any kind if their source is unknown or suspect. On a related note, the scamming market has gotten to be so dangerous that the Social Security Administration has created videos for our parents and grandparents. Check it out at How to spot a scam and there is also written content at New Year’s Resolutions to Combat Scams.

At Lead IT Consulting we custom craft IT service solutions for our customers that match their needs and pay extra attention to not take anything for granted. We also work diligently to encourage all users to ask questions all the time as taking time to ask a question is often all that stands between and bad email and a ransomware attack. If you would like to learn more about our services and how we might help you, please reach out through our Contact page or a no-obligation schedule a discovery call.


Scroll to Top