I receive a lot of advertising and guest blogger solicitations on my site. To set the record straight, I don’t currently allow guest blogging and the advertisers I choose must be reputable, well-known, and/or part of a network. This morning I received an email via my contact form from a “Josephine Bergson” from “the LLT Consulting company” who said they wanted to place banner ads on my website, stating they could “pay up to $950.00/month.” Wow, I thought, that’s a pretty high rate. But when you get these types of “offers,” as a blogger, you need to be very careful about these things. So I decided to do some investigation.
Above is a screen grab of the actual email, with a couple of annotations that sent up warning flags. Below is the text of the email. (Note: I have unlinked the URL and added spaces – please don’t click through on it!).
Hello! My name is Josephine Bergson representing the advertising department of the LLT Consulting company. We are interested to place ads (banners), of your choice, on your websites. Design and sizes can be seen on our website at www. lltconsulting . net/id_kmptyvo/ Depending on the banner size you choose we can pay up to $950.00/month. If you are interested to become an advertising partner please let me hear from you. Kind Regards, Josephine Bergson josephine. bergson @ lltconsulting .net
The first thing that jumped out at me is the very high banner payment amount ($950 is a lot). As I was reading on an iPhone (which doesn’t support Java nor Flash), I decided it would be relatively safe to click through on the link. This is what I saw on my mobile browser.
It said:
Welcome to JppConsulting .net ! If you see this message you are accessing the website from a mobile device. In order to experience this enhanced website you have to use a Computer.
Hmmm. More warning flags. First, the site I was trying to go to was LttConsulting .net and not JppConsulting .net. So, I decided to do some searches on this so-called LttConsulting.net site.
First I searched for “LttConsulting .net” and didn’t really find anything odd. But then I plugged “Ltt Consulting scam” into Google and suddenly more warning flags went up. The mere fact that there were lots of search results related to this site meant to me that this email and website were probably NOT LEGIT.
I know that my Mac has pretty good protection (Safari sandboxing, GateKeeper, tight Java control, etc.) so I decided to go to the link that was in the email. As the website loaded, I received a prompt from Java asking if I wanted to trust the Java applet. (If you test this, DO NOT TRUST THE JAVA APPLET!)
I clicked the “Not Now” button so that I knew that the Java applet would not run. Then I decided to poke around the site to see what I could find.
Every single link on the site was an “internal link” meaning it used a hashtag (“#”) to keep people on the same page. If this were a legitimate site, someone could actually view what is on this page. Instead, the site kept you on the page, seemingly trying to get you to load the Java applet.
I was unable to download the Java applet offline (I wanted to see if I could view the source code) but I had had enough. This is purely speculation on my part as I have not validated this assumption, but I would guess that the Java applet loads malware, a trojan, spyware or some type of virus. So again, don’t load it!
I tried to see if the website was listed on any malware sites, if a malware scan reported anything, or if Google reported any issues with it but I wasn’t able to find anything out of the ordinary, other that people simply saying they had received similar offers. A quick search of those offers did show different payment amounts being offered, as well as different “banner ad example” URLs (which to me means that the links are/were being tracked).
The domain is registered to:
Registrant Name: PATRIK NOVAK Registrant Organization: LLT CONSULTING Registrant Street: SOKOLSK??? 1153 Registrant City: DOKSY Registrant State/Province: CZ Registrant Postal Code: 472 01 Registrant Country: CZ Registrant Phone: +43.326551001 Registrant Phone Ext: Registrant Fax: +43.326551046 Registrant Fax Ext: Registrant Email: [email protected]
So the “organization” is in Czechoslovakia Czech Republic. [edited 03.05.15 – forgive my geographic ignorance.]
The Bottom Line – A Warning to Bloggers
If you get an email similar to the one above from Llt Consulting, stay away from it.
- The site is not valid
- The site tries to load a Java applet
- The links on the site go no where and provide no information
- The Java applet most likely contains malware
- The email that other sites receive is identical, only the URL changes (for tracking?)
- Other people have reported this as a scam
This has been a blogger Public Service Announcement from another concerned blogger. Please be sure to share this with your networks!
HTD says: Sometimes these offers are just too good to be true! Be careful!
87 Responses
Hi, Michael.
I just received the same email. Just like you said, it sounded too good to be true! And since I’d rather search than click, half way through, Google completed my writing “LLT” with “consulting scam”, so I was sure!
Also, the email came from my contact page, but I had my realtime analytics on at the same time, and I had no one visiting that page!
Anyway, thanks for the post.
Cheers
Hi Michael, unfortunately I clicked the link and installed the Java Applelet on my mac. Any idea what should I do now to erase it? Thanks a lot!
Well there are some free antivirus and spyware scanners that you could run. Also be sure that later you change your java settings to prompt you before running anything. Good luck!
Thanks for your response! Do you know what this applet really does? I am really not a computer expert. Any spyware you’d recommend?
Currently I’m using Sophos’s free anti-virus. I also have Adware Medic (but only recently started testing it).
Totally agree, this is huge scam and most likely will install malware or hack your PC. If you clicked on on it, it’s better to reinstall your computer.
Thanks for this post – I just received the same email (through my contact page) and luckily did a Google search before clicking on the link. So will now delete!
Thank you for letting us now, but one thing you should have known as a blogger – Czechoslovakia does not exist since 1993… There are tow separate countries, Czech Republic and Slovak Republic. Don’t be another ignorant American, learn something about the world overseas too…
Good point. I got the domain info from the WhoIs lookup that listed it that way, I believe. Thanks for clarifying.
Thanks so much for this article. My NPO certainly cannot afford to be scammed.
I got this, too. Thanks for info. They are using ‘Czech Republic’ on the website. I did click on the Java icon but it’s disappeared – MacKeeper doing it’s stuff; and a full scan, just in case. I new at this stuff and appreciate your care.
I just received this as well. Thank you for taking the time to write up a post and validate that they are in fact a scam. All of us in the blogging world appreciate it!
I got this as well. Good thing I don’t use Java nor refuse to use it.
I got this as well today! Thanks for the information.
I got exactly the same email on Saturday in Australia. I replied but didn’t download the program. Your blog was useful to me. Thank you so much.
I am also in on it. Received this email this morning and had the same dim feeling. Thanks for sharing your report.
Just got this mail- and checked about the company -which lead me to this article.
Thanks for sharing it!
thanks for sharing! Just got this email… it is strange that the still use the same letter without changing the names.
Just had the same email! Thought it sounded dodgy so good to get confirmation
A nice correction would have been nice you don’t have to be mean. This is a great article the helps a lot!
Thanks for your investigation – and sharing. I came to the same conclusion. Those wacky Czechs!
I just got this email, and I’m glad I checked this site :)
Me too thanks ever so much for the heads up soon as it wanted to download Java my spidey sense started tingling!
Thanks for this – I received an email this morning which to me seemed to good to be true. I am glad I found this post!åç
Thanks for the info! It looked a bit suspicious to me as well :)
I wonder if there is a platform or plugin in common? It seems most of those affected are using wordpress? Anyone?
I just got this email. But a research clear my doubts! Thanks
Thanks for the information, it confirmed my suspicions.
Thanks. I just received this email and decided to check it out just before I allowed Java to run. I am glad you took the time to send out this warning message.
Thanks for your blog. I just received this same email. The email containing all sorts of red flags. The first one like you said was the 950 dollars a month. the best thing about the phone email is it brought me to your website. I love your website keep doing what you’re doing.
Thanks very much for this information – saved a lot of trouble!
I just got this email. Thank you for the information.
Just got this today, had similar feelings about it. Way too good to be true. Thanks for doing the legwork and posting this.
Thanks for posting this! I received it as well, a couple of days ago, and it seemed a little bit fishy so I googled it and found your article. Any idea on how they target the sites?
I have the same question, and I do use wordpress…
Hard to know exactly. I don’t know about the traffic volume. They could simply have a spider that crawls for contact forms and then a human cut and pastes the email in (to bypass captcha). Or it could be just working off of an email list and spamming everyone on the list.
Thanks for this! Appreciate the effort of putting the whole thing together
Thanks.
Had the same issue today. Thanks !
Thanks for posting this, I just got the same email and decided to do a quick search on it before doing anything.
Just saw this email today and immediately googled. Another red flag: +43 is actually the international code of Austria, not the Czech Republic.
Nice sharing Micheal. I receive the same email at my blog “http://ebookbisnesonline.com/” today. I;m happy because they offer the big chunk of money. But I made research about it and found your blog. Thanks for remind me about this type of scam
I just received a similar email. It looked phishy from the get-go. Thanks for posting!
Hello, i’ve receved this email yesterday and i clicked naivly on tis link. I had an old Java version so i update. Too fast. I only found your block this morning. What can i do ? Thanks for Help
Just got this message through a Wordpress Feedback form instead of email at http://gaintrain.co . First thought was ” too good to be true” so a quick Google search got me here.
I had already clicked on his URL, so I’m going through some system scans and eradication of my browsing history, caches, etc. Thanks!
Thanks for checking this out. I thought it looked dodgy but it’s interesting to see why!
Thanks for the heads up and details of your experience. I hope my webmaster didn’t do anything with it. Yikes! Thanks again.
Thanks Michael, I got this exact mail today morning. I just googled “josephine bergson” and found your resource to be extremely helpful.. Cheers
Thank you!!!!! I have received this email today. I always do some research about companies before I clik on links – I found your article! Thank you for sharing!
I got this mail too just today, thank you for sharing! is funny how is exactly the same mail
Thanks for the warning! I got the same email and thought it was fishy!! Appreciate all the work you did reviewing the company!!
Just got this e-mail – glad I googled before clicking the link. ;)
How on earth is it 2015 and people still call the Czech Republic “Czechoslovakia” lol, get with the times man!
Already been addressed.
Got this same mail from same person on 5th april 2015 on Wp feedback. It was dented to my blog
GeekLogicNet
$950 is a really catchy price but i don’t really belief that
Thanks for the research I”l warn other bloggers.
Thanks, Received the same email just today.
Thanks for the effort, just got the email and found your site after googling. Again, big up to you!
Thanks so much for the heads up! I just got the email yesterday morning and was intrigued but also concerned. Glad I didn’t install the applet on my computer!
I received this email and I was just about to go ahead.. but those pointers you pointed out raised a huge red flag for me as well.. the website was looking fishy and the amount they were offering to pay is extremely high, 950$… not really realistic… and your blog article has just sealed the deal for me. I am definitely keeping off it….
**Be sure to check out my website at http://itechjungle.com, where Brains get Technologized**
I received this faux email like an hour ago. I thought the $950.00/month deal was too good. So I decided to do some research to clear my doubts. I am just glad I came across your post. Thank you for the heads up
http://itsyregi.com/
These folks used my contact form to let me know very early this morning that they’d to pay me handsomely to host banner ads for them as well. The message did not however contain a link as you describe here; instead, it invites me to reply via email (which I won’t do, thanks to your post here).
Just got this email, and I did click on the link but then realized this seemed too good to be true. I immediately closed the site (and didn’t click on any other links). Then I googled to find out more and came upon this post. Thank you for sharing this info! Now, I’m just hoping I didn’t do damage by clicking on the link in the email.
You should be fine. The java applet has to download and execute I believe, and if you block execution normally, you should be ok. Thanks for the comment.
Thank you so much for this post! I just received the same email and had a hunch it was suspicious, especially when I couldn’t pull up the website on my iPhone. I Googled the llpconsulting and found hour post at the top. Thank you!
thanks for this warning, i downloaded java from the oracle site and when i went to the scammers site i got the email from it said i still needed to install java, so thats a red flag and i didnt let the website install their virus on my system
Thanks for posting this. I just received the exact same email and found it odd because my site doesn’t receive enough traffic for anyone to pay to place an add on it!!
Got this email this morning – the price seemed outrageous! Thanks for confirming my suspicions.
Just got this email and immediately plugged it into Google because I knew it sounded strange and this article popped up. Thanks for confirming my fears. Deleting email now!
Thank you much! You confirmed my suspicions!
Thank you for your investigation and for posting it.
thanks for the confirmation. received it too.
tnx ,
I received this morning as you i looked for who they are. Then I did a Google and I came to your blog. Thank you Malian
4.23.2015 and this email is in our business account. It is great to search lltconsulting.net, see YOUR article, and know that email can be confidently dumped. Thank you, Mr. Sheehan. Excellent article and guidance.
i did the same….but something was tickling into so i send the mail
if you will pay 950 USD per month i can place 5 banners on different classified websites, you can choose the size of the banner at your ease.
Let me know.
Kind Regards, ;)
Another tip-off is in the email itself. It does have grammatical errors. This often is another red flag. It is for me. Thank you for the warning. i will inform my network.
I received this too, your article was very useful for me to avoid wasting time and avoiding damages and unpleasant things. Thanks!
This is Rev. Philip K. Cooper, President of Marathon Ministry, now in our 29th year serving the poor of Appalachia and other countries.
I am an unsophisticated computer user and do not text.
I want to thank you for your diligence and warning. I have coded LLT in my Spam.
God bless you
http://www.marathonministry.org
i got it too a week ago!
i just got the exact same email and downloaded Java to my computer so I could “check out” the banners she talks about. I googled the company and found your site and will not go one step further, so thank you! Gotta admit, I was a little excited for a minute! 950$ a month! ha thanks again!
Thanks for the info. There are many demons in this world.
Just got this email today. I thought too good to be true, then found this article. Thanks for taking the time to post this.
I recieved this today too!
Thanks so much! I just received this today as well and since I’ve little experience with people wanting to advertise on my site , I thought , WOW! I could sure use that , but like others, something didn’t seem right,, plugged in the name on google and got your site and warning. Thanks again for the heads up and saving me a super sized headache!
7.11.15…almost 6 mos. after your post…and they’re still working this scam. Looks like they are hiding behind a Cloudflare IP address…according to Akismet. Glad your post came up #1 for LLTConsulting. Thanks for taking the time to warn us!
dear Michael, thank you so much for the inlighting information. I got that email to my website too. Great job!!
Actually the links in the site do have a little info on them – guess they changed them after your review. But I agree – it looks like scam.
Improve metabolism that leads to speedily burn fat AND CALORIES.
http://buyphen24now.com/