Blogger Warning: LLT Consulting Banner Ad Scam

1421946269_thumb

I receive a lot of advertising and guest blogger solicitations on my site. To set the record straight, I don’t currently allow guest blogging and the advertisers I choose must be reputable, well-known, and/or part of a network. This morning I received an email via my contact form from a “Josephine Bergson” from “the LLT Consulting company” who said they wanted to place banner ads on my website, stating they could “pay up to $950.00/month.” Wow, I thought, that’s a pretty high rate. But when you get these types of “offers,” as a blogger, you need to be very careful about these things. So I decided to do some investigation.

Ltt Consulting Scam - email

Above is a screen grab of the actual email, with a couple of annotations that sent up warning flags. Below is the text of the email. (Note: I have unlinked the URL and added spaces – please don’t click through on it!).

Hello!
My name is Josephine Bergson representing the advertising department 
of the LLT Consulting company. We are interested to place ads 
(banners), of your choice, on your websites.
Design and sizes can be seen on our website at 
www. lltconsulting . net/id_kmptyvo/ 
Depending on the banner size you choose we can pay up to 
$950.00/month.
If you are interested to become an advertising partner please let me 
hear from you.
Kind Regards, 
Josephine Bergson 
josephine. bergson @ lltconsulting .net

The first thing that jumped out at me is the very high banner payment amount ($950 is a lot). As I was reading on an iPhone (which doesn’t support Java nor Flash), I decided it would be relatively safe to click through on the link. This is what I saw on my mobile browser.

Ltt Consulting Scam - mobile browser

It said:

Welcome to JppConsulting .net !
If you see this message you are accessing the website from a mobile device.
In order to experience this enhanced website you have to use a Computer.

Hmmm. More warning flags. First, the site I was trying to go to was LttConsulting .net and not JppConsulting .net. So, I decided to do some searches on this so-called LttConsulting.net site.

First I searched for “LttConsulting .net” and didn’t really find anything odd. But then I plugged “Ltt Consulting scam” into Google and suddenly more warning flags went up. The mere fact that there were lots of search results related to this site meant to me that this email and website were probably NOT LEGIT.

I know that my Mac has pretty good protection (Safari sandboxing, GateKeeper, tight Java control, etc.) so I decided to go to the link that was in the email. As the website loaded, I received a prompt from Java asking if I wanted to trust the Java applet. (If you test this, DO NOT TRUST THE JAVA APPLET!)

Ltt Consulting Scam - load java applet

I clicked the “Not Now” button so that I knew that the Java applet would not run. Then I decided to poke around the site to see what I could find.

Ltt Consulting Scam - internal links

Every single link on the site was an “internal link” meaning it used a hashtag (“#”) to keep people on the same page. If this were a legitimate site, someone could actually view what is on this page. Instead, the site kept you on the page, seemingly trying to get you to load the Java applet.

I was unable to download the Java applet offline (I wanted to see if I could view the source code) but I had had enough. This is purely speculation on my part as I have not validated this assumption, but I would guess that the Java applet loads malware, a trojan, spyware or some type of virus. So again, don’t load it!

I tried to see if the website was listed on any malware sites, if a malware scan reported anything, or if Google reported any issues with it  but I wasn’t able to find anything out of the ordinary, other that people simply saying they had received similar offers. A quick search of those offers did show different payment amounts being offered, as well as different “banner ad example” URLs (which to me means that the links are/were being tracked).

The domain is registered to:

Registrant Name: PATRIK NOVAK
Registrant Organization: LLT CONSULTING
Registrant Street: SOKOLSK??? 1153
Registrant City: DOKSY
Registrant State/Province: CZ
Registrant Postal Code: 472 01
Registrant Country: CZ
Registrant Phone: +43.326551001
Registrant Phone Ext: 
Registrant Fax: +43.326551046
Registrant Fax Ext:
Registrant Email: HOSTMASTER@LLTCONSULTING.NET

So the “organization” is in Czechoslovakia Czech Republic. [edited 03.05.15 – forgive my geographic ignorance.]

The Bottom Line – A Warning to Bloggers

Ltt Consulting Scam - java

If you get an email similar to the one above from Llt Consulting, stay away from it.

  • The site is not valid
  • The site tries to load a Java applet
  • The links on the site go no where and provide no information
  • The Java applet most likely contains malware
  • The email that other sites receive is identical, only the URL changes (for tracking?)
  • Other people have reported this as a scam

This has been a blogger Public Service Announcement from another concerned blogger. Please be sure to share this with your networks!

HTD says: Sometimes these offers are just too good to be true! Be careful!

- Advertisement -
- Advertisement -
- Advertisement -

87 Responses

  1. Hi, Michael.
    I just received the same email. Just like you said, it sounded too good to be true! And since I’d rather search than click, half way through, Google completed my writing “LLT” with “consulting scam”, so I was sure!
    Also, the email came from my contact page, but I had my realtime analytics on at the same time, and I had no one visiting that page!
    Anyway, thanks for the post.
    Cheers

  2. Hi Michael, unfortunately I clicked the link and installed the Java Applelet on my mac. Any idea what should I do now to erase it? Thanks a lot!

  3. Well there are some free antivirus and spyware scanners that you could run. Also be sure that later you change your java settings to prompt you before running anything. Good luck!

  4. Thanks for your response! Do you know what this applet really does? I am really not a computer expert. Any spyware you’d recommend?

  5. Currently I’m using Sophos’s free anti-virus. I also have Adware Medic (but only recently started testing it).

  6. Totally agree, this is huge scam and most likely will install malware or hack your PC. If you clicked on on it, it’s better to reinstall your computer.

  7. Thanks for this post – I just received the same email (through my contact page) and luckily did a Google search before clicking on the link. So will now delete!

  8. Thank you for letting us now, but one thing you should have known as a blogger – Czechoslovakia does not exist since 1993… There are tow separate countries, Czech Republic and Slovak Republic. Don’t be another ignorant American, learn something about the world overseas too…

  9. Good point. I got the domain info from the WhoIs lookup that listed it that way, I believe. Thanks for clarifying.

  10. Thanks so much for this article. My NPO certainly cannot afford to be scammed.

  11. I got this, too. Thanks for info. They are using ‘Czech Republic’ on the website. I did click on the Java icon but it’s disappeared – MacKeeper doing it’s stuff; and a full scan, just in case. I new at this stuff and appreciate your care.

  12. I just received this as well. Thank you for taking the time to write up a post and validate that they are in fact a scam. All of us in the blogging world appreciate it!

  13. I got exactly the same email on Saturday in Australia. I replied but didn’t download the program. Your blog was useful to me. Thank you so much.

  14. I am also in on it. Received this email this morning and had the same dim feeling. Thanks for sharing your report.

  15. Just got this mail- and checked about the company -which lead me to this article.
    Thanks for sharing it!

  16. thanks for sharing! Just got this email… it is strange that the still use the same letter without changing the names.

  17. A nice correction would have been nice you don’t have to be mean. This is a great article the helps a lot!

  18. Thanks for your investigation – and sharing. I came to the same conclusion. Those wacky Czechs!

  19. Me too thanks ever so much for the heads up soon as it wanted to download Java my spidey sense started tingling!

  20. Thanks for this – I received an email this morning which to me seemed to good to be true. I am glad I found this post!åç

  21. I wonder if there is a platform or plugin in common? It seems most of those affected are using wordpress? Anyone?

  22. Thanks. I just received this email and decided to check it out just before I allowed Java to run. I am glad you took the time to send out this warning message.

  23. Thanks for your blog. I just received this same email. The email containing all sorts of red flags. The first one like you said was the 950 dollars a month. the best thing about the phone email is it brought me to your website. I love your website keep doing what you’re doing.

  24. Just got this today, had similar feelings about it. Way too good to be true. Thanks for doing the legwork and posting this.

  25. Thanks for posting this! I received it as well, a couple of days ago, and it seemed a little bit fishy so I googled it and found your article. Any idea on how they target the sites?

  26. Hard to know exactly. I don’t know about the traffic volume. They could simply have a spider that crawls for contact forms and then a human cut and pastes the email in (to bypass captcha). Or it could be just working off of an email list and spamming everyone on the list.

  27. Thanks for posting this, I just got the same email and decided to do a quick search on it before doing anything.

  28. Just saw this email today and immediately googled. Another red flag: +43 is actually the international code of Austria, not the Czech Republic.

  29. Nice sharing Micheal. I receive the same email at my blog “http://ebookbisnesonline.com/” today. I;m happy because they offer the big chunk of money. But I made research about it and found your blog. Thanks for remind me about this type of scam

  30. I just received a similar email. It looked phishy from the get-go. Thanks for posting!

  31. Hello, i’ve receved this email yesterday and i clicked naivly on tis link. I had an old Java version so i update. Too fast. I only found your block this morning. What can i do ? Thanks for Help

  32. Just got this message through a Wordpress Feedback form instead of email at http://gaintrain.co . First thought was ” too good to be true” so a quick Google search got me here.

    I had already clicked on his URL, so I’m going through some system scans and eradication of my browsing history, caches, etc. Thanks!

  33. Thanks for checking this out. I thought it looked dodgy but it’s interesting to see why!

  34. Thanks for the heads up and details of your experience. I hope my webmaster didn’t do anything with it. Yikes! Thanks again.

  35. Thanks Michael, I got this exact mail today morning. I just googled “josephine bergson” and found your resource to be extremely helpful.. Cheers

  36. Thank you!!!!! I have received this email today. I always do some research about companies before I clik on links – I found your article! Thank you for sharing!

  37. I got this mail too just today, thank you for sharing! is funny how is exactly the same mail

  38. Thanks for the warning! I got the same email and thought it was fishy!! Appreciate all the work you did reviewing the company!!

  39. How on earth is it 2015 and people still call the Czech Republic “Czechoslovakia” lol, get with the times man!

  40. Got this same mail from same person on 5th april 2015 on Wp feedback. It was dented to my blog
    GeekLogicNet
    $950 is a really catchy price but i don’t really belief that
    Thanks for the research I”l warn other bloggers.

  41. Thanks for the effort, just got the email and found your site after googling. Again, big up to you!

  42. Thanks so much for the heads up! I just got the email yesterday morning and was intrigued but also concerned. Glad I didn’t install the applet on my computer!

  43. I received this email and I was just about to go ahead.. but those pointers you pointed out raised a huge red flag for me as well.. the website was looking fishy and the amount they were offering to pay is extremely high, 950$… not really realistic… and your blog article has just sealed the deal for me. I am definitely keeping off it….

    **Be sure to check out my website at http://itechjungle.com, where Brains get Technologized**

  44. I received this faux email like an hour ago. I thought the $950.00/month deal was too good. So I decided to do some research to clear my doubts. I am just glad I came across your post. Thank you for the heads up

    http://itsyregi.com/

  45. These folks used my contact form to let me know very early this morning that they’d to pay me handsomely to host banner ads for them as well. The message did not however contain a link as you describe here; instead, it invites me to reply via email (which I won’t do, thanks to your post here).

  46. Just got this email, and I did click on the link but then realized this seemed too good to be true. I immediately closed the site (and didn’t click on any other links). Then I googled to find out more and came upon this post. Thank you for sharing this info! Now, I’m just hoping I didn’t do damage by clicking on the link in the email.

  47. You should be fine. The java applet has to download and execute I believe, and if you block execution normally, you should be ok. Thanks for the comment.

  48. Thank you so much for this post! I just received the same email and had a hunch it was suspicious, especially when I couldn’t pull up the website on my iPhone. I Googled the llpconsulting and found hour post at the top. Thank you!

  49. thanks for this warning, i downloaded java from the oracle site and when i went to the scammers site i got the email from it said i still needed to install java, so thats a red flag and i didnt let the website install their virus on my system

  50. Thanks for posting this. I just received the exact same email and found it odd because my site doesn’t receive enough traffic for anyone to pay to place an add on it!!

  51. Got this email this morning – the price seemed outrageous! Thanks for confirming my suspicions.

  52. Just got this email and immediately plugged it into Google because I knew it sounded strange and this article popped up. Thanks for confirming my fears. Deleting email now!

  53. tnx ,

    I received this morning as you i looked for who they are. Then I did a Google and I came to your blog. Thank you Malian

  54. 4.23.2015 and this email is in our business account. It is great to search lltconsulting.net, see YOUR article, and know that email can be confidently dumped. Thank you, Mr. Sheehan. Excellent article and guidance.

  55. i did the same….but something was tickling into so i send the mail

    if you will pay 950 USD per month i can place 5 banners on different classified websites, you can choose the size of the banner at your ease.

    Let me know.

    Kind Regards, ;)

  56. Another tip-off is in the email itself. It does have grammatical errors. This often is another red flag. It is for me. Thank you for the warning. i will inform my network.

  57. I received this too, your article was very useful for me to avoid wasting time and avoiding damages and unpleasant things. Thanks!

  58. This is Rev. Philip K. Cooper, President of Marathon Ministry, now in our 29th year serving the poor of Appalachia and other countries.
    I am an unsophisticated computer user and do not text.
    I want to thank you for your diligence and warning. I have coded LLT in my Spam.
    God bless you
    http://www.marathonministry.org

  59. i just got the exact same email and downloaded Java to my computer so I could “check out” the banners she talks about. I googled the company and found your site and will not go one step further, so thank you! Gotta admit, I was a little excited for a minute! 950$ a month! ha thanks again!

  60. Just got this email today. I thought too good to be true, then found this article. Thanks for taking the time to post this.

  61. Thanks so much! I just received this today as well and since I’ve little experience with people wanting to advertise on my site , I thought , WOW! I could sure use that , but like others, something didn’t seem right,, plugged in the name on google and got your site and warning. Thanks again for the heads up and saving me a super sized headache!

  62. 7.11.15…almost 6 mos. after your post…and they’re still working this scam. Looks like they are hiding behind a Cloudflare IP address…according to Akismet. Glad your post came up #1 for LLTConsulting. Thanks for taking the time to warn us!

  63. dear Michael, thank you so much for the inlighting information. I got that email to my website too. Great job!!

  64. Actually the links in the site do have a little info on them – guess they changed them after your review. But I agree – it looks like scam.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Other articles of interest

Global Product Review Disclosure

Disclosure: This is a global disclosure for product review articles on HighTechDad. It does not apply to Automobile reviews and there are other exceptions. Therefore, it may or may not be applicable to this particular article. I may have a material connection because I may have received a sample of a product for consideration in preparing to review the product and write this or other content. I was/am not expected to return the item after my review period. All opinions within this and other articles are my own and are typically not subject to the editorial review from any 3rd party. Also, some of the links in the post above may be “affiliate” or “advertising” links. These may be automatically created or placed by me manually. This means if you click on the link and purchase the item (sometimes but not necessarily the product or service being reviewed), I will receive a small affiliate or advertising commission. More information can be found on my About page.

About HighTechDad

Michael Sheehan (“HighTechDad”) is an avid technologist, writer, journalist, content marketer, blogger, tech influencer, social media pundit, loving husband and father of 3 beautiful girls living in the San Francisco Bay Area. This site covers technology, consumer electronics, Parent Tech, SmartHomes, cloud computing, gadgets, software, hardware, parenting “hacks,” and other tips & tricks.

Recent Articles

Explore Categories

– Advertisement –

Shop Now!

My Favorite Setapp Apps

Affiliates

  • Shop Mount-It!
  • Mount18_July

– Advertisement –

– Advertisement –