Monday, September 7, 2015

Yet another scam....

How It All Began:

So, I'm sitting here, minding my own business, sifting through the mail the other day, and something unusual catches my eye.   The first thing that I notice is that the name is wrong.  It has an incorrect variation of my name, along with an email address which is unassigned on my domain.   The latter got it caught in my catch-all, the former made me a little curious.  In general, the only people who use that incorrect variation of my name are people who make the incorrect assumption that that is my full name.  It's not.   Before I send this into the memory hole, and block the sender's IP and domains as spam, I notice that it's also referencing a client's company by name.   Perhaps I will have to look a little deeper into this.   What could have happened?  Disgruntled former employee?   Possible.  There have been enough of those, and some guesswork instead of seeing my actual business card may have yielded to guessing.   One of the machines got infected/hacked/compromised?  Possible, but would not explain the wrong name and email.   That would involve guessing or assumption.    Combing social media/search engines?   Client thinks so, but I say "very unlikely".  I say that because there are absolutely no professional listings that would use either name or email.      There are a couple other scenarios, but the most likely are some contact of his, along with some guesswork.


What it said:

Basically, I was addressed by (incorrect) name to be a guest of a Shelly Fitzgerald.   The email was written as a follow-up (titled as such) to an invitation to a "Chicago Tech Summit" at the Marriott Medical District/UIC "at no charge".  However, I'm encouraged to "register right away", and I'm given a link.   At this, she signs off as "Planning Director, Chicago Tech Summit".  Conveniently there is no contact information.   From my years in dealing with spam, I'm skeptical of return address validity.   I do a little lookup:
host chicago-summit.com
chicago-summit.com has address 69.94.129.202
chicago-summit.com mail is handled by 10 mail.chicago-summit.com.

I looked up the domain, too, and here is the significant Whois information:
Domain Name: CHICAGO-SUMMIT.COM
Registry Domain ID: 1941529691_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2015-06-23T13:38:22.00Z
Creation Date: 2015-06-23T20:38:00.00Z
Registrar Registration Expiration Date: 2016-06-23T20:38:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Reseller: NAMECHEAP.COM

In bold I've noted that this "Chicago Tech Summit"'s website was just registered on June 23.   I left off the registrant information because they used Privacy Guard, so there's nothing useful other than the registration dates and registrar.  I also don't find any significant references to it on the Internet - at least nothing positive.    Time to check it out.    First thing up, this site screams "cookie cutter".   I'll circle back to this in a bit.   Something that stands out to me is the sheer volume of "corporate sponsors".


Following up what appears to be a logo-collage, is a schedule of the day's events for this "tech summit". For some reason (maybe because this is my field?) the itinerary looks fishy.  Maybe that it doesn't seem to mesh with the sponsors, maybe there is no advertised or suggested keynote speaker.  Maybe it's some of the vague terminology in the "schedule of events"? 

There's still also the "free" aspect, which seems to ring that bell about a free lunch - since lunch is included too.    

So, as I look on this page, the only thing I see is a phone number (312) 491-1234 (this is the hotel phone number).   By the way, as of the writing of this, the hotel does have an interest reservation, but it's not guaranteed, and the names affiliated do not match.   What they have is "Biz Summits".   I'm even more suspicious now. 


I look a bit deeper...

At this point in time, I have looked at the domain (chicago-summit).  On the surface, this seems a dead end, since I don't have much to go on.  Ahh, but I also have the email headers.  This indicates to me that the email came from a device called "shelly-mac" on an internal network to the server "columbussummit.com".  Looking at this site, it appears pretty much the same as chicago-summit.   Pictures are the same, the domain was registered the same day, same registrar, and the same privacy guard as the Chicago one.   The only differences are that this one is hosted in a hotel in Columbus, OH, and has the hotel's info:  The Westin Columbus - (614) 228-3800.

host columbussummit.com
columbussummit.com has address 66.118.163.227
columbussummit.com mail is handled by 10 mail.columbussummit.com.
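
The same-day, same-registrar comparison described above can be scripted. This is an added example, not part of the original post: it reads the WHOIS fields quoted on this page for the two domains and reports which red flags each one trips and what the pair has in common. The 90-day "young domain" threshold and the privacy-marker list are assumptions.

```python
from datetime import date, datetime

# WHOIS fields copied from the two records quoted on this page.
WHOIS = {
    "chicago-summit.com": """Creation Date: 2015-06-23T20:38:00.00Z
Registrar: ENOM, INC.
Reseller: NAMECHEAP.COM
Registrant Name: WHOISGUARD PROTECTED""",
    "columbussummit.com": """Creation Date: 2015-06-23T20:16:00.00Z
Registrar: ENOM, INC.
Reseller: NAMECHEAP.COM
Registrant Name: WHOISGUARD PROTECTED""",
}
POST_DATE = date(2015, 9, 7)              # date of this post
YOUNG_DAYS = 90                           # assumed "recently registered" cutoff
PRIVACY_MARKERS = ("WHOISGUARD", "PRIVACY", "REDACTED")  # assumed markers

def parse_whois(text):
    """Turn 'Key: value' lines into a dict, splitting on the first colon only."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            rec[key.strip()] = value.strip()
    return rec

def created(rec):
    # Timestamps in these records look like 2015-06-23T20:38:00.00Z
    return datetime.strptime(rec["Creation Date"], "%Y-%m-%dT%H:%M:%S.%fZ")

def domain_flags(rec, as_of=POST_DATE):
    """Red flags for one domain: young registration, hidden registrant."""
    flags = []
    age = (as_of - created(rec).date()).days
    if age < YOUNG_DAYS:
        flags.append(f"registered {age} days before {as_of}")
    if any(m in rec.get("Registrant Name", "").upper() for m in PRIVACY_MARKERS):
        flags.append("registrant hidden behind privacy service")
    return flags

def shared_traits(a, b):
    """Fields two records have in common, plus how close the creation times are."""
    keys = ("Registrar", "Reseller", "Registrant Name")
    traits = [k for k in keys if a.get(k) and a.get(k) == b.get(k)]
    gap_min = int(abs(created(a) - created(b)).total_seconds() // 60)
    if gap_min <= 60:
        traits.append(f"created {gap_min} minutes apart")
    return traits

if __name__ == "__main__":
    recs = {name: parse_whois(text) for name, text in WHOIS.items()}
    for name, rec in recs.items():
        print(name, domain_flags(rec))
    print("shared:", shared_traits(*recs.values()))
```
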

I am noticing something, though: an email with a techsummits.org domain.   Techsummits.org has a little more info in the whois.   For instance, they list a registrant of Biz Summits, with an Atlanta, GA postal address.   They also list a human as their point of contact - Shelly Fitzgerald (I've read that name before....).   For the time being, I will refrain from posting the contact number, as the Tennessee phone number listed in Whois is apparently her personal cell phone, and she was very surprised to have a phone call on it regarding  the... anomalies ... in her email.  She did her best to assure me that this is a legitimate "summit" and should prove valuable, and such.   Sorry, but I'm not buying it.   I'm also noticing the "confidentiality notice" in her email.   She would like me to mail her so that she can figure out "how I got contacted, in the manner I was".

As I'm listening to her try to go into snake-oil mode, I'm also noticing the "confidentiality notice", which again has the wrong name & email address.   However for contact information, it tells me to contact a Thomas [left out] at [Address Withheld] in Kankakee, IL.   A public records search of that man's name shows two people in America with that name.  There is a possible 80+ year old man in Michigan, and a 65+ year old man in Indiana.  Neither is close to Kankakee.  In fact, the woman at the Kankakee address has had her postal address used and abused by purveyors of the bogus, and this is just one more thing with which she is not affiliated.

A little deeper into it... 

Using the phone number and contact name from the "techsummits" whois, I run a search.   It wouldn't be a surprise to see that it's either a fake number, or has a ton of complaints.    The number matches up with some other cookie-cutter "summit" sites.   They also reference Ms Fitzgerald connected to this phone number.   This is the point at which I made my contact.   She did seem genuinely surprised, as she thought her number was sanitized from the websites.   

I mentioned earlier about the "logo collage" on the page.   It's interesting that some of these "sponsors" don't know that they're sponsoring events in at least two cities (per the email referencing Chicago, and coming from Columbus).  Playing around with certain keywords, other cities can be found to be tied to this outfit - more than just two cities.

I also find interesting the low quality that went into putting this together.   I would not expect a company that is claiming to be on the cutting edge with "tech summits", informing guests of the latest and greatest, to have such mediocre presentation, images lifted from other sites, and very poor SEO.   In order to actually find a first-page result with Google, I need to provide more search terms.   This doesn't do well for their visibility.

Also interesting is that when I plug in some other terms (like "BizSummits") I find a lot of people that take issue with the parent/other aspect of this "company".   For instance this site breaks down some similar *summit emails over a few year period of time.  This one  from 2012 describes how one individual questioned the legitimacy, with her follow-up detailing an attempted (empty) threat by a representative of the company for daring to question legitimacy.    Getting a bit more direct, this link calls them out as the scam they appear to be.   Not only are the "advertising tactics" called into question, but the photos used for the web sites are shown to be pilfered from other web sites.   hrm, I wonder, if they get their pictures and templates from others,... do they actually buy their software, or .... (Not accusing, just wondering....).  

That last page also includes a conversation thread where the "executives" are attempting to bribe their way into having the post removed/amended with "free membership".  They're also attempting to shout down criticism.  Riddle me this, Batman:   If this *summits outfit is so big, and busy and whatnot, how do their executives have the time to get into spats with bloggers?


I found another interesting thing about them.  Their signup page?   Well, that's not secure, either.   So, they have a web submission form, where you can put in all your personals - including CC, expiration, CVN.   It looks an awful lot like most of the bank scam sites I've reported over the years.  But, even if they are "legitimate business people", the payment site is not secure, and subject to malicious behavior.

My conclusion: 

I see a lot of scams cross my inbox and catchall.   This feels like another one.  Frankly, I don't care if Shelly Fitzgerald, Michael Price, or Kristin Mathis get their knickers in a twist over this.   My opinion is my opinion.  It is not for sale in exchange for snake oil, and I do not intend to retract this.   My conclusion is based on the following facts:
  1. The "summit" domains were mostly registered with privacy guard just over two months ago as of the time of this posting. If legit, I would expect them to proudly attach their name.
  2. Basic Internet searches for the events (which if truly sponsored by the claimed corporations should be highly ranked) reveal second or lower page results. This indicates poor SEO.  Why would major corporations (or professionals) invest trust or money?
  3. The advertising is deceptive, and shady (sending to a non-person and unassigned email address, and writing as if they had a pre-existing relationship with this non-entity?)
  4. The email contains intentionally false contact information.
  5. There clearly was no "opt-in" to this.  There clearly was no pre-existing relationship in any fashion.  Nor will there be, moving forward.
  6. There also was no real "opt out" (not like those usually work with spammers and scammers) either.  
  7. The "summit hosting company" made it intentionally difficult to find contact information beyond hotel phone numbers and addresses.   
  8. The agenda looks to be rushed and vague.   No "keynote speakers" are listed.   Also, some of the topics seem vague to the point that they appear worth less than a basic Internet search
  9. If the quality of the program is questionable, the quality of the signup page looks worse.   How is it that a "tech summit" is accepting credit cards through a non-secure page?
  10. Regarding their pages, they seem to copy a lot from others, or just use stock.   Professionally, I see this as somewhere between a no-no, and a lazy/incompetent web designer.  This doesn't inspire confidence in their leadership ability.
From a bit deeper of a web search, I find they have their fingers in all sorts of pies, with regard to "summits".   They also have  a share of criticism.   Other than self-promotion, I'm not finding much in terms of praise or kudos.  I'd be more inclined to give them the benefit of the doubt as a startup (from the 2-month old domain registries), but the 3-year old  negative reviews on the same folks tell a different tale.  I'd recommend letting a dog guard your steak, before signing up for one of these "summits". 

Data: 

"Columbus Summit" (from source of email)
host columbussummit.com
columbussummit.com has address 66.118.163.227
columbussummit.com mail is handled by 10 mail.columbussummit.com.

whois 66.118.163.227

[trimmed a bit for relevance]

NetRange:       66.118.128.0 - 66.118.191.255
<>
OrgName:        Sago Networks
OrgId:          SAGO
Address:        4465 W. Gandy Blvd
Address:        STE 800
City:           Tampa
StateProv:      FL
PostalCode:     33611
Country:        US
<>
OrgAbuseHandle: ABUSE32-ARIN
OrgAbuseName:   Abuse Team
OrgAbusePhone:  +1-866-366-3640
OrgAbuseEmail:  abuse@sagonet.com

 whois columbussummit.com
Domain Name: COLUMBUSSUMMIT.COM
Registry Domain ID: 1941527913_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2015-06-23T13:16:53.00Z
Creation Date: 2015-06-23T20:16:00.00Z
Registrar Registration Expiration Date: 2016-06-23T20:16:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Reseller: NAMECHEAP.COM
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: WHOISGUARD PROTECTED

"Chicago Summit" (from body)
host chicago-summit.com
chicago-summit.com has address 69.94.129.202
chicago-summit.com mail is handled by 10 mail.chicago-summit.com.

whois 69.94.129.202
NetRange:       69.94.129.192 - 69.94.129.203
CIDR:           69.94.129.192/29, 69.94.129.200/30
NetName:        DATANOC
NetHandle:      NET-69-94-129-192-1
Parent:         DATANOC (NET-69-94-128-0-1)
NetType:        Reassigned
OriginAS:       AS16578
Customer:       MICHAEL PRICE (C01244624)
RegDate:        2005-12-15
Updated:        2010-04-28
Ref:            http://whois.arin.net/rest/net/NET-69-94-129-192-1


CustName:       MICHAEL PRICE
Address:        801 Kellerman Kreek
Address:        BIZSUMMITS
City:           Marietta
StateProv:      GA
PostalCode:     30068
Country:        US
RegDate:        2005-12-15
Updated:        2011-03-19
Ref:            http://whois.arin.net/rest/customer/C01244624

OrgTechHandle: IPTEC7-ARIN
OrgTechName:   Ip Technician
OrgTechPhone:  +1-916-366-0170
OrgTechEmail:  iptech@lanset.com
OrgTechRef:    http://whois.arin.net/rest/poc/IPTEC7-ARIN

OrgAbuseHandle: ABUSE1152-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  +1-916-366-0170
OrgAbuseEmail:  abuse@lanset.com

whois chicago-summit.com

Domain Name: CHICAGO-SUMMIT.COM
Registry Domain ID: 1941529691_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2015-06-23T13:38:22.00Z
Creation Date: 2015-06-23T20:38:00.00Z
Registrar Registration Expiration Date: 2016-06-23T20:38:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Reseller: NAMECHEAP.COM
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: WHOISGUARD PROTECTED

"Techsummits.org" (referenced in the website)
As a courtesy, I will not post the whois information, as it appears to contain Ms Fitzgerald's personal cell phone as the number.  

host techsummits.org
techsummits.org has address 72.9.103.219
techsummits.org mail is handled by 10 mail.techsummits.org.