You have won the Tor sweepstakes and other scams

by phobos | April 28, 2010

Over the past 18 months someone has been mailing fake checks from us to individuals all over the United States. The text of the letter one receives is:

From: Merchant & Bryce, Partners in Finance.
To: victim

Congratulations! We are pleased to inform you that you are one of the 26 declared lucky winners of our 2009 Dreams Sweepstakes(tm) held on [pick a date] in the 2nd category. A ticket with serial numbers [make up some numbers] attached to your name drew the lucky winning numbers [make up some numbers].

The 2009 Dreams Sweepstakes(tm) is a no purchase CASH STIMULUS give-away generated from proceeds of sales of gifts from charitable organizations across North America. All participants were selected through a random computer ballot system drawn from over [pick a big number here] name from a consumer database. Your name emerged as a lucky winner and you are entitled to the sum of [pick a five digit number], this stemming from the total price of [pick a six digit number] that was shared and presented among the 26 declared winners. The prize is only open to legal US and Canadian residents who are 18 years of age or older and located at their listed address.

Your claim number is [make up some numbers] and in accordance with the disbursement policy your prize award money has been forwarded to our trust account to authenticate your legitimacy in order to avoid double claim and to facilitate release your winnings to you either by certified check, money order or wire transfer to your designated local bank account that you will provide details for.

To expedite the processing, enclosed is a check of [pick a four digit number] (10% of your prize money) which has been deducted from your winnings. You will be using a portion of these funds to pay for the applicable taxes on your [pick a five digit number] prize money as well as the issuance cost for the purchase of a surety bond certificate that serves as proof of legitimacy.

The applicable taxes to be paid and the surety bond certificate issuance cost is a total of 9%(NINE PERCENT) of your prize money winnings which is: [pick 9% of your winning number].

Please contact your claims agent Mrs. Amber Logan at 1-(213) 283-6229 for further clarification and instructions on claiming your winning. Any attempt to negotiate your winning check without contacting your claims agent will automatically lead to your check being voided.

Please note: Prizes not claimed by [pick a date 3 weeks into the future] will be automatically deemed unclaimed and forwarded to the sponsors for re-entry into the next draw.

Congratulations from the Board of Trustees and all the sponsors,
Paul Lylesworth, Attorney at Law and 2009 Dreams Sweepstakes(tm).

Address: 1450 Veterans Blvd, Suite 100, Redwood City, CA 94063. Tel 1-213-261-6639.

I've replaced the unique amounts and numbers with text in brackets [] to highlight what's changed. Otherwise, the letters are all the same.

The checks are written against our public donation bank account, which is a deposit-only savings account. The checks themselves are signed by various people, typically Paul Lylesworth or Frank Anderson. However, Walmart cashed the checks without verification and then sent bill collectors after us for not honoring the checks. Sometimes the checks are written from The Tar Project.

Most victims find our phone number on the press page and call to ask, "Is this for real?" As they suspect, it is not real and is a scam.

I've also removed the claim numbers and amounts to protect those that sent to us copies of the letters and checks they received in the mail, and that are working with the local Police on this case.

As for as some basic sleuthing, the phone numbers NPA-NPX are assigned to MagicJack in Los Angeles, California. The letters themselves are mailed from Canada. postal code M4L 3T6. This is Toronto, Ontario.

That's all we know. If you receive an unexpected check from us, it's fake.


Please note that the comment area below has been archived.

April 28, 2010


«However,» ~ ... suspense... ~ «Walmart cashed the checks» ~ LOL AHAHAH!!!!!!!!!!!!! but that's funny!!!!!!!!!!!!!!!!!!! and now you might as well quit to call the checks «fakes»!!!!!! very funny!!!!!!!! ahah!!!!!!

As long as Walmart is the only victim (never fear, they won't go bankrupt for that matter) this scam is somehow amusing!!!!!!

Just try to image «Is this for real?» ~ «yea baby, cuz it works at Walmart» lawl!!!!!!!!!!!!!!!!!!


May 03, 2010


Interesting, This is a perfect example of INTERNET security. If Tor users that are trying to be hidden from view of prying Internet eyes are being sent scam mail than it goes to show that there is a big question mark about the security of the networks and computers they are using. My concern is how does one find the details of the individual or individuals that are using Tor. Is my understanding of this correct? Tor users are being sent fake prize winners tickets. So is someone targeting those whom are paranoid about spy and ID hacks. Obviously Tor did not work for the recipients of these scam lottery tickets. I commented about Google funding the Tor project and some concerns expressed about this. In the real world peoples IP addresses can lead to their personal details such as mailing address so that fake lotteries tickets can be sent to them. This would mean that the individual responsible can obtain these from the ISP? That would be a major breach of privacy would it not? As if my IP address is for example this would be like my home address. How ever this IP is common for a lot of devices like routers. Then the ISP I P address say (example) would reveal the ISP name and registered address. So how does the persons PC NIC address and the details from that get to be known unless some one has the capability to get into the customer files from the Server (ISP) account holder? Or how does one find the address of the person using Tor, to send a fake lottery ticket to your e mail or door? By discovering your email address. From the ISP, hacking into your computer or the registered applications on your PC say if you fill in the registration form and place your details in the boxes? Could there be a fake Tor site or is the Tor web site infected with a spy ware bug? My mind boggles.

This has nothing to do with Tor users. Many of the victims that contacted us can barely use a computer, nevermind worry about their privacy online. It seems someone is just trolling for public information and sending out letters.

A few of the victims thought we were an ISP that bought their information from some mailing list and this was our way of advertising/getting them to contact us so we could pitch our product at them.

May 06, 2010


also in the wake of internet censorship and a continuous trend towards our freedoms online being curtailed by western governments this may be a form of attack on Tor because you are an obstacle in the way of the police state future of the internet that they intend to bring into effect.

check out the digital econemy bill in the UK
and the fight going on in Australia

Sounds like your Tor client is connecting out to a variety of Tor relays on various ports -- as expected. Each Tor relay chooses what port it wants to listen to, and some of them choose ports that are commonly used for pops, imaps, etc. So your poorly written firewall is misinterpreting the behavior and thinking it's making a pops connection, when actually it's just making a connection to that port.

Unless of course you configured something else entirely. :)

June 11, 2010


hello please i cannot configure my skype to use tor. please i don't know what to do again. Please if you have any idea, send it to my email i will appreciate it!