There’s a criminal person with malicious intent behind each one of these emails sent out, and it makes me sick.  I wish I could really hear about some of these people after they are caught…I’m curious.  Who are they?  Do they plan criminal activities everyday?  Are they mob-related?  Are they techy punk kids trying to make a quick buck?  I’m assuming had someone done this from most countries they would be caught fairly quickly.  Ahh….

Read the rest of this entry »

I have to admit, this phishing attempt is different. It’s coming from a unassuming location. Who would think that a question from a fellow eBayer could be attempt to steal your info? On top of that, only the yellow “Respond Now” button leads to a false location.

For reference…Give them some fake info:

http://alice.ics.nara-wu.ac.jp/~chubo/ebays.html

Return-path:
Received: from spm02 (spm02)
by jem01
(Sun Java System Messaging Server 6.2-5.04 (built Jan 24 2006))
with ESMTP id for ;
Wed, 19 Jul 2006 19:54:09 -1000 (HST)
Received: from mail.digitrain.ac.nz ([203.97.26.98])
by spm02 (8.13.6.20060614/8.13.6) with ESMTP id k6K5s0SX016030
for ; Wed,
19 Jul 2006 19:54:07 -1000 (HST envelope-from donna@digitrain.ac.nz)
Received: by mail.digitrain.ac.nz (Postfix, from userid 1030)
id 6A349199C10D; Thu, 20 Jul 2006 16:16:51 +1200 (NZST)
Date: Thu, 20 Jul 2006 16:16:51 +1200 (NZST)
From: eBay
Subject: Question from eBay Member
To: undisclosed-recipients: ;
Message-id:
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 8bit\r\n
X-PMX-Version: 5.2.0.264296, Antispam-Engine: 2.4.0.264935,
Antispam-Data: 2006.7.19.223932
Original-recipient: rfc822;
X-Perlmx-Spam: Gauge=XXX, Probability=30%, Report=’PHISH_NO_HTML_TAG 1.25,
CTYPE_JUST_HTML 0.848, HTML_MIME_NO_HTML_TAG 0.8, PHISH_SUBJ_LOW 0.5, __CT 0,
__CTE 0, __CTYPE_IS_HTML 0, __HAS_MSGID 0, __MIME_HTML 0, __MIME_HTML_ONLY 0,
__MIME_VERSION 0, __PHISH_FROM 0, __PHISH_FROM2 0, __PHISH_SUBJ_PHRASE1 0,
__RUS_MIME_NO_TEXT 0, __SANE_MSGID 0′

This a phishing email received today. This is for reference only.

If you’re bored give them some false info:

http://forum.schoschonen.com/event/official-security/upgrading/HSBC-US/login.htm

Return-path:
Received: from spm04 (spm04)
by jem01
(Sun Java System Messaging Server 6.2-5.04 (built Jan 24 2006))
with ESMTP id for ;
Wed, 19 Jul 2006 17:48:29 -1000 (HST)
Received: from alioth.digity.it (mizar.inartis.it [83.103.90.253])
by spm04 (8.13.6.20060614/8.13.6) with ESMTP id k6K3mGI0020397
for ; Wed,
19 Jul 2006 17:48:26 -1000 (HST envelope-from web@Alioth.digity.it)
Received: by alioth.digity.it (Postfix, from userid 1001)
id C7E9538F50C1C; Thu, 20 Jul 2006 05:46:51 +0200 (CEST)
Date: Thu, 20 Jul 2006 05:46:51 +0200 (CEST)
From: HSBC Bank USA
Subject: Important Message From HSBC Bank USA
To:
Reply-to:
Message-id:
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 8BIT
X-PMX-Version: 5.2.0.264296, Antispam-Engine: 2.4.0.264935,
Antispam-Data: 2006.7.19.203432
Original-recipient: rfc822;
X-Perlmx-Spam: Gauge=XXIIIIIII, Probability=27%, Report=’REPLY_TO_EMPTY 1.699,
CTYPE_JUST_HTML 0.848, PHISH_SUBJ_LOW 0.5, __CT 0, __CTE 0, __CTYPE_IS_HTML 0,
__HAS_MSGID 0, __MIME_HTML 0, __MIME_HTML_ONLY 0, __MIME_VERSION 0,
__PHISH_FROM 0, __PHISH_FROM2 0, __PHISH_LOGO 0, __PHISH_LOGO_HSBC 0,
__PHISH_SUBJ_PHRASE1 0, __SANE_MSGID 0, __TAG_EXISTS_HTML 0′

This one is pretty well done. With links that even point directly to ebay auctions. The one button that says respond now points to the fraudulent server. If you’re bored, give em some false info. This site looks exactly like ebay!

X-Message-Status: n:0
X-SID-PRA: support@ebay.reply7961.com
X-SID-Result: TempError
X-Message-Info: LsUYwwHHNt0fdbDltJXe6jj1gZWCO8ibYLZqUB1oUFg=
Received: from u62-13.u203-187.giga.net.tw ([203.187.62.13]) by bay0-mc9-f14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
Wed, 17 May 2006 06:21:24 -0700
Delivered-To:
Received: (qmail 8260 by uid 452); Wed, 17 May 2006 09:17:06 +0800
Date: Wed, 17 May 2006 09:17:06 +0800
Received: from u62-13.u203-187.giga.net.tw (203.187.62.13)
by u62-13.u203-187.giga.net.tw with SMTP;
Received: (qmail 8260 by uid 452); Wed, 17 May 2006 09:17:06 +0800
Message-Id:
To:
Subject: RE: Alert from ebay members! - 8993754
From:
MIME-Version: 1.0
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 8bit
Return-Path: m_krumbach@hotmail.com
X-OriginalArrivalTime: 17 May 2006 13:21:24.0975 (UTC) FILETIME=[CBF827F0:01C679B4]

Here we go again…another phishing email. This one is as sloppy as can be. It has no resemblence to an official Chase notice. I guess these phishing folks are getting lazy…they figure if you’ll respond, you’ll do it no matter what the email looks like.

X-Message-Status: n:0
X-SID-PRA: Chase@notify.chase.com
X-SID-Result: TempError
X-Message-Info: JGTYoYF78jET1GMF18uyNrF/V8fq9EIGrxJO5soVeSM=
Received: from LAN04 ([201.51.234.42]) by bay with Microsoft SMTPSVC(6.0.3790.1830);
Thu, 20 Apr 2006 09:14:44 -0700
Delivered-To:
Received: (qmail 3748 by uid 769); Mon, 31 Oct 2005 05:15:09 -0300
Date: Mon, 31 Oct 2005 05:15:09 -0300
Received: from LAN04 (201.51.234.42)
by LAN04 with SMTP;
Received: (qmail 3748 by uid 769); Mon, 31 Oct 2005 05:15:09 -0300
Message-Id:
To:
Subject: Re: Alert message ! - 96614050
From:
Reply-To:
MIME-Version: 1.0
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 8bit
Return-Path: wesleymorrow@hotmail.com
X-OriginalArrivalTime: 20 Apr 2006 16:14:44.0820 (UTC) FILETIME=[899B5140:01C66495]

FAKE LINK: Click here to receive access to confirmation page redirects to
http://kgp21h.info/https/www.paypal.com/webscr/login.htm.

Bored? Give them some fake info!

X-Message-Status: s3:0
X-SID-PRA: support@paypal.com
X-SID-Result: SoftFail
X-Message-Info: 6sSXyD95QpUd24OyXs1fLakDN1QDAzoZvMxAkySqdIM=
Received: from OEM-MICRO ([203.90.192.144]) by bay0-mc4-f14.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
Mon, 10 Apr 2006 11:39:49 -0700
Delivered-To:
Received: (qmail 2613 by uid 836); Tue, 11 Apr 2006 02:39:56 +0800
Received: from OEM-MICRO (203.90.192.144)
by OEM-MICRO with SMTP; Tue, 11 Apr 2006 02:39:56 +0800
Received: (qmail 2613 by uid 836); Tue, 11 Apr 2006 02:39:56 +0800
Date: Tue, 11 Apr 2006 02:39:56 +0800
Message-Id:
To:
Subject: PayPal - Notification
From:
Reply-to:
MIME-Version: 1.0
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 8bit
Return-Path: xxxxxxxxxxx
X-OriginalArrivalTime: 10 Apr 2006 18:39:50.0714 (UTC) FILETIME=[2697D1A0:01C65CCE]

I’m going to post these phishing scams when I receive them just to keep records. If it helps someone avoid getting scammed, then all the better!
I really hate these scams. If you’re bored, click on the link below and give them some FAKE info…

PHISHING LINK: https://Chase.com/update.php?account0429055

X-Message-Status: n:0
X-SID-PRA: Chase@update15.Chase.com
X-SID-Result: TempError
X-Message-Info: JGTYoYF78jGERDolRkZXK3aSevcWKGnNUwnJLp5ZCIU=
Received: from gt ([125.133.1.75]) by bay0-mc9-f3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
Fri, 7 Apr 2006 05:47:07 -0700
Delivered-To:
Received: (qmail 2478 by uid 264); Fri, 7 Apr 2006 09:46:59 +0900
Date: Fri, 7 Apr 2006 09:46:59 +0900
Received: from gt (125.133.1.75)
by gt with SMTP;
Received: (qmail 2478 by uid 264); Fri, 7 Apr 2006 09:46:59 +0900
Message-Id:
Subject: Security account update 2401139.
From:
MIME-Version: 1.0
Content-Type: text/html; charset=”iso-8859-1″
Content-Transfer-Encoding: 8bit
Return-Path: dreid48@hotmail.com
X-OriginalArrivalTime: 07 Apr 2006 12:47:07.0400 (UTC) FILETIME=[61092080:01C65A41]