Saturday, May 06, 2006

Ebay-authorize.net

X-Message-Status: n:0
X-SID-PRA: support@email[randomnumber].ebay.com
X-SID-Result: TempError
X-Message-Info: [random numbers and letters]
Received: from osiedle.net-conekt.pl ([80.55.154.146]) by bay0-mc11-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830);
Fri, 5 May 2006 08:15:55 -0700
Received: from osiedle.net-conekt.pl (80.55.154.146)
by osiedle.net-conekt.pl with SMTP;
Received: (qmail 3328 by uid 184); Fri, 5 May 2006 05:12:46 +0100
Message-Id: <20060505061246.xxxx.qmail@osiedle.net-conekt.pl>
To:
Subject: RE: Alert Message [a number]
From:
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Return-Path: frontsys@hotmail.com
X-OriginalArrivalTime: 05 May 2006 15:15:55.0745 (UTC) FILETIME=[CE4F7510:01C67056]
Date: 5 May 2006 08:15:55 -0700

Dear Member eBaY,

This is your official notification from company that the service(s) listed below will be deactivated and deleted if not renewed immediately.
Previous notifications have been sent to the Billing Contact assigned to this account. As the Primary Contact, you must renew the service(s) listed below or it will be deactivated and deleted.

EXPIRATION: May 8

https://signin.ebay.com/ws/eBayISAPI.dll?SignIn?DisplayLoginPage
Sincerely,

This Alert was sent according to your settings ([my email address]).
================================================================
Need help? Use "Site Helper" or call customer service at 1.800.576.7645. Please do not "Reply" to this Alert.

©2006 Financial Group. All rights reserved

#######

Now this is funny. Since when is eBay a POLISH organization??? Since the link where these scammers link to, http://ebay-authorize.net, also redirects to http://signin.ebay.com.ebay-authorize.net/eBayISAPI.dll?SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=http%3A%2F%2Fwww.ebay.com&pp=&pa2=&errmsg=&runame=&ruparams=&ruproduct=&sid=&favoritenav=&confirm=&ebxPageType=&existingEmail=&isCheckout=&migrateVisitor=, I think some fool people may even fall to that.

And now to the fun part.

WHOIS information for ebay-authorize.net:

Domain Name: EBAY-AUTHORIZE.NET
Domain Status: ACTIVE
Registrar: Wooho T&C Co., Ltd. d/b/a RGNames.com
Referral URL: http://www.RGNames.com

Domain Registration Date....: 2006-05-05 GMT.
Domain Expiration Date......: 2007-05-05 GMT.
Domain Last Updated Date....: 2006-05-05 14:06:14 GMT.

Registrant:
Philip J Roller
10101 West Parmer Lane #711,
, 78717
US


Administrative, Technical, Billing Contact:
Philip J Roller whitbit@hotmail.com
10101 West Parmer Lane #711,
, 78717
US
(PHONE) +800-530-32-12 (FAX) +--


Domain Name Servers in listed order:
NS1.NARROWTOK.NET 67.167.254.42
NS2.NARROWTOK.NET 72.240.109.122

Thursday, May 04, 2006

My PayPal info needs to be confirmed - I don't even use PayPal

From: Billing@PayPal.com
Subject: Credit/Debit card update
Date: May 4, 2006 3:51:07 PM GMT+01:00
To: [my email address]
Reply-To: Billing@PayPal.com
Return-Path:
Delivered-To: [my email address]
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on u15175516.onlinehome-server.com
X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=7.0 tests=HTML_MESSAGE, HTTPS_IP_MISMATCH,MIME_HTML_ONLY autolearn=no version=3.1.0
Received: (qmail 19012 invoked by uid 2020); 4 May 2006 09:51:09 -0500
Received: from unknown (HELO dok.kifee.com) (72.9.246.226) by [my mail service]
Received: from nobody by dok.kifee.com with local (Exim 4.52) id 1FbfAZ-0003ST-KE for [my email]; Thu, 04 May 2006 10:51:07 -0400
Received-Spf: none ([my email service]: domain at dok.kifee.com does not designate permitted sender hosts)
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <....@dok.kifee.com>
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname - dok.kifee.com
X-Antiabuse: Original Domain - [my email service]
X-Antiabuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-Antiabuse: Sender Address Domain - dok.kifee.com
X-Source:
X-Source-Args:
X-Source-Dir:

Dear Paypal valued member,

Due to concerns, for the safety and integrity of the paypal
account we have issued this warning message.

It has come to our attention that your account information needs
to be updated due to inactive members, frauds and spoof reports.
If you could please take 5-10 minutes out of your online experience and renew
your records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension
This notification expires on 48.

Once you have updated your account records your paypal account
service will not be interrupted and will continue as normal.

Please follow the link below and login to your account
and renew your account information
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Sincerely,
Paypal customer department!

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.

To receive email notifications in plain text instead of HTML, update your preferences here.



Very entertaining that that link https://www.paypal.com/cgi-bin/webscr?cmd=_login-run links to http://66.160.154.156/catalog/paypal/ - instead http://66.160.154.156/ has a redirect to http://66.160.154.156/catalog/ or as its name, http://www.peek-a-book-store.com/.

That gives

Domain Name: PEEK-A-BOOK-STORE.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Name Server: NS1.HE.NET
Name Server: NS2.HE.NET
Status: REGISTRAR-LOCK
Updated Date: 22-aug-2005
Creation Date: 20-aug-2005
Expiration Date: 20-aug-2008


IP address 66.160.154.156 -
OrgName: Hurricane Electric
OrgID: HURC
Address: 760 Mission Court
City: Fremont
StateProv: CA
PostalCode: 94539
Country: US

NetRange: 66.160.128.0 - 66.160.207.255
CIDR: 66.160.128.0/18, 66.160.192.0/20
NetName: HURRICANE-7
NetHandle: NET-66-160-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.HE.NET
NameServer: NS2.HE.NET
NameServer: NS3.HE.NET
Comment:
RegDate: 2003-10-09
Updated: 2005-09-27

RTechHandle: ZH17-ARIN
RTechName: Hurricane Electric
RTechPhone: +1-510-580-4100
RTechEmail: hostmaster@he.net

OrgAbuseHandle: ABUSE1036-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-510-580-4100
OrgAbuseEmail: abuse@he.net

OrgTechHandle: ZH17-ARIN
OrgTechName: Hurricane Electric
OrgTechPhone: +1-510-580-4100
OrgTechEmail: hostmaster@he.net

And, of course I am going to update my PayPal info to this obnoxious website. After all, I don't even have a PayPal account.

Uk Business proposal, "EDGAR SMITHS VENTURES LTD UK" - nothing original

From: contractaffairs@yahoo.com
Subject: Job Offer
Date: May 4, 2006 6:57:xx PM GMT+01:00
To: [my email]
Reply-To: contractaffairs@yahoo.com
Return-Path:
Received: [...] Received: from nt5.nshosts.com (nt5.nshosts.com [206.169.164.205] (may be forged)) by [isp] (Xserve/smtpin15/MantshX 4.0) with ESMTP id k44Gwpq9017825for [my email]; Thu, 04 May 2006 09:58:56 -0700 (PDT)
Received: from NT5 ([127.0.0.1]) by nt5.nshosts.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 04 May 2006 10:57:56 -0600
Message-Id: < [...] @nt5.nshosts.com>
Content-Type: text/plain; charset=iso-8859-1
Original-Recipient: [my email]
X-Originalarrivaltime: 04 May 2006 16:57:56.0250 (UTC) FILETIME=[E400A7A0:01C66F9B]


Hello,

My name is James Coker,I work for EDGAR SMITHS VENTURES LTD UK as a consultant, I also majored in business management.

The company produces various clothing materials,batiks,assorted fabrics and traditional costume which we have clients we supply weekly in the states.I am at our company in UK,though we have just completed a base in Africa and i might be visiting and we have made such a large client base in the US but I am always facing serious difficulties when it comes to transacting with Americans,they are always offering to pay with a US MONEY ORDERS OR CASHIERS CHECKS, which is difficult for me to cash here in United Kingdom.

We need a representative in the states who will be working for us as a part-time worker and who will be paid 5% for every transaction carried out,which wouldnt affect your present state of work,someone who would help me recieve payments from my customers in the states and get them processed at US banks.

I mean someone that is responsible,trust worthy,honest and reliable,cause the cost of coming to the state and getting payments is very expensive,i am working on extending a branch in the states,so for now we need a representative in the united states who will be handling the payment aspect.

These payments are usually in money orders and they would come to you in your name, so all you need do is cash the money order deduct your percentage and wire the rest back. It wouldnt cost you any amount,you are to receive payments which will be sent to you by Courier from my business patners.

Kindly get back to us as soon as possible if you are interested in this job offer at the email address below;

contractaffairs@gmail.com and i will brief you further with what this job will entail.

WARM REGARDS

James Coker

contractaffairs@gmail.com (alternate email)

www.edgarsmithvents.biz


#######

Well, the URL of this spammer does not exist.

The main point is unoriginal, it so reminds of STRYKER GINA RAYE of GINA FABRICS AND TEXTILES INDUSTRIAL LTD - except the previous one was to scam the UK residents, the latter to scam the Americans. Well - maybe this Gina person didn't get anyone from UK scammed, and had to try to fish on the other side of the pond?

Nevertheless, if there WAS any company trying to get work, I don't think the British officials, money laundering officials, tax officials etc would really like it. Also, British banks are relatively cheap. Would it REALLY make ANY SENSE for a business to find these 'honourable businessmen' in US that they would find only in the spambots of the internet, to contact them for this offer? I honestly think a British bank is a far better alternative with the less than 2 pounds a cheque they would charge for a SAFE transaction.

Originality: * of *****
Content repeated of all similar kind of business 'proposals'. Nothing new.

Wednesday, May 03, 2006

Stupid scams: The fraud girl from Russia

Spam seems to follow a 'flavour of the month' pattern. Certain types of spam become popular for a period of time.

Nigerian scams had theirs. Recently 'cheap meds' had their moment. Now it seems it's time for the dating scams. Here's a recent example.


Dear friend,
I found youbr pictaureb on one of the websites, acan we talk to
each otaher? I might be coming to your place in few aweeks.
This would be a grbeat opportunity to meet each other.
Btw, I am a woman. I am 25. Drop me a line at [email removed]



I love the "Btw, I am a woman" line near the end. As if to say "If you speak to me, there's a good chance you'll get laid".

Typically here's what this scam is intended to do.

1) Lonely and gullible man receives email and wonders "Wow, who is this chick"?
2) Man responds to email.
3) 'Woman' responds to man. Probably sends pictures to show how hot she is.
4) Man thinks he's on to something and invites her to visit.
5) She needs help with her ticket. For some reason she can't buy the ticket herself but promises that if you send her the money for the ticket, she'll return the money when she arrives.
6) Man sends money and never hears from them again.

This site has a nice write-up of this type of scam.

Fraud girl from Russia