Quick Search
Quick Links
QUICK SUBMISSION
Submit new reports using the link above. If it is approved, your posts will get published on the front page under Recent Comments (see right). We will publish a separate report by itself if necessary.
Access to Public Records
This online background verification service lets you instantly access numerous public records databases for your personal investigations and includes unlisted phone numbers, property searches, criminal records, vital statistics, adoption files, tax court records and more.
Special Categories
Recent Blogs
Categories
Content Archive
Blogroll
We accept link exchange for related websites
I did not buy that !?
- 4-12-2007
- Categorized in: Phishing Scam
Let's take a look at source of the email (i.e. 'view source') below, and the picture of the email we received originally. We have highlighted our text in blue to separate it from the email attachments.
----Attached----
Return-path: <mdimengo@integracom.net>
Delivery-date: Thu, 12 Apr 2007 05:18:21 -0500
Received: from [124.248.31.38] (helo=mail.integracom.net)
(envelope-from <mdimengo@integracom.net>)
id 1HbwNh-0005rd-EQ
Received: (from root@localhost) by mail4.integracom.net (8.11.3/8.11.3)
id k4V0OhN38045; Thu, 12 Apr 2007 18:34:27 -0800 (PDT envelope-from root)
Message-ID: <0fe901c77d72$1c27c2a0$8be0324c@VWXNAA>
Date: Thu, 12 Apr 2007 18:34:27 -0800
From: "Customer Support" <mdimengo@integracom.net>
X-Header-CompanyDBUserName: hpccm
X-Header-MasterId: 355317
X-Header-Versions: Hewlett-Packard.8t7bn0nd1.fk@us.newsgram.hp.com
X-Auth: 3-DES
X-Auth-bits: 74374166807466723011212670
Subject: Support Request
<html><body>
<p>Thank you for using the digital locker at Windows Marketplace.</p>
<p>This email confirms that you have successfully purchased:</p>
<p>Microsoftr Windows Vista Ultimate UPGRADE<br/>
Quantity: 1<br/>
Reseller: Circuit City</p>
<img src="http://218.106.165.181/rnd.gif.php?jpg=XXXXXX@XXXXXXXXXX.com">
<p>You can now access your license or licenses that have been delivered to your digital locker.</p>
<p>To download your new software, open your <a href="http://g.msn.com/WMHFUSEN/102146">digital locker</a> and choose a download method. We recommend that you use the digital locker assistant to help you download and install your software, make a backup CD of the software, and view your license information. Learn more about how to use the digital locker assistant <a href="http://g.msn.com/WMHFUSEN/102150">here</a>.</p>
<p>If you'd like to use your Internet browser to download the software instead, click Use Browser File Download in your digital locker to download software.</p>
<p>Learn more about using the digital locker and read the answers to frequently asked questions <a href="http://g.msn.com/WMHFUSEN/102152">here</a>.</p>
<p>If you need to change your billing information, contact information, download preference or other digital locker information, visit your <a href="http://g.msn.com/WMHFUSEN/102148">Profile page</a>.</p>
<p>For assistance with your digital locker account please contact our <a href="http://g.msn.com/WMHFUSEN/102091">Support Team</a>.</p>
<p>Thank you again for using the digital locker at Windows Marketplace.</p>
<p>Enjoy your new software!</p>
</body></html>
----End Attachment----
The email actually looks like this:
----Attached Picture----
----End Attached Picture----
Observations:
The blue links are links to the original msn.com website. For example, http://g.msn.com/WMHFUSEN/102152, actually opens the help page at Windows Marketplace. This is the only thing that is real in the entire email. The rest are scams.
1) Obviously, the receiver did not buy the software in most cases. If he did, it could be just plain lucky that he receives a scam email about the product he just bought.
2) As you can see in the attached picture, my email software automatically rejects loading the picture from the site. From the view source, we see that the image file is actually '<img src="http://218.106.165.181/rnd.gif.php?jpg=XXXXXX@XXXXXXXXXX.com">'. A check on the IP whois leads to a server in Beijing, China.
The picture is actually a PHP script file. We can foresee the least it can do is to confirm that you are reading your email, and that they can spam you even more. Or it can probably do more than that.
3) The IP address, 124.248.31.38 in the header leads us to a company in Beijing, China.
Anyway IP address tracking does not always imply that the scammer is located at the same place. The scammer could have used compromised server there and send out mails via proxy.
Lesson Learnt:
In most cases, I would have deleted the email as similar ones are often badly written. In this case, the email appears to be copied from the original email that could have been issued to a real customer. The scammer simply inserted his code into the email, setup the file, and send out the mail as spam.
Quick Search
Recent Comments
May 8, 2012 | 07:18 AM
419 Scams: Money Transfer, Fake Checks and Inheritance..."Hi,My mom received the same message from a coordinator named DR. LYNDA DUKE telling her that she won 850,000GBP and asking her to email the details (name, sex, date of birth, nationality, etc..) to a"
May 8, 2012 | 06:41 AM
419 Scam: Claim your money from "DIPLOMATIC COURIER SERVICE COMPANY""If you're not playing the lottery , how can you win?"
May 8, 2012 | 05:39 AM
Online Dating Scams: What to Look for and How to Protect Yourself" James Philips and George Philip have the same IP address , I think that is one and the same person."
May 8, 2012 | 05:38 AM
Lottery Scam: Shell Petroleum Development Company"FOR SOLUTIONS TO YOUR COMPLAINT, CONTACT Barrister MAX MORRIS OF M & M CHAMBER E-MAIL: morris.charity@lawyer.com. HE WILL HELP YOU TO FIND OUT IF YOUR WINNING IS TRUE OF FALSE:"
May 7, 2012 | 09:13 PM
Nigerian Love Scammers Busted in Malaysia!"scammed victim as well by so called James Robert on Chemisty.com, how can i assist you in catching these scum? I saved all of my instant messages and tex. I have the receipts where i sent him money i"
May 7, 2012 | 06:28 PM
A Note on Western Union Fraud Warning"I met a girl online who said she was from my area but is currently out of state visiting family. We talked via text messaging and emailing for a bit. Eventually she told me her car broke down and can "
May 7, 2012 | 03:40 PM
Bank of America Scam" FROM THE DESK OF MR. DENIS F.BEAUREGARD,FUND CREDIT OFFICER BANK OF AMERICA:VERO BEACH FLORIDA BRANCH USA BANK OF AMERICA: ATM CARD PAYMENT NOTIFICATIONATTN: PLEASE, I AM MR. DENIS F.BEAUREGARD, T"
May 7, 2012 | 10:37 AM
Hot Scam: Hotmail Phishing"I received the same type of email to my account Phishing for information:HOTMAIL EMAIL ADDRESS IS CHANGINGOur email address is changing! To ensure you continue to receive important emails regarding "
May 7, 2012 | 05:55 AM
Lottery Scam: SHELL PETROLEUM LOTTERY WINNING NOTIFICATION"hi my name is cynthia i receive an sms by petroleum aslo shell uk/sa petroleum stating that i have won R3 million and gave me a reference Number and should phone paul and his cell No is 0838746159 "
May 7, 2012 | 04:51 AM
Lottery Scam: Coca Cola Company South Africa Region"I have been contacted by the email address cocacola2012@gmail.com claiming that I have won a price of GBP 500000 in cocacola lotry.Kindly tell me if this message is fake or reliable.RegardsAamir Saeed"
May 7, 2012 | 01:10 AM
Nigerian Love Scammers Busted in Malaysia!"Dolores, Andrew Reece is the same person that scammed me too. I was stupid and foolish enough to be groomed and fell in love with him. Hope he got caught, rot to jail and go to HELL to meet his Satan "
May 6, 2012 | 06:39 PM
Online Dating Scams: What to Look for and How to Protect Yourself"udate on James Philips....spoke to him on skype again and realized that it is a video of a man being played of someone video messaging. The person i was talking to was typing while the man on the vide"
May 6, 2012 | 02:09 PM
Lottery Scam: Your money is on the way via Fedex!"OMG! This is such a stupid scam. I received an email this morning w/ the exact message, only the different is the price of security fee which is $160. Big "SCAM" will ring your bell just by notici"
May 6, 2012 | 11:19 AM
419 Scams: Money Transfer, Fake Checks and Inheritance..."My dad has been sent same letter From a huo ho.... Had to break the news to my dad that it's another idiot trying to rip off vulnerable people. It's easy to fall for it because not asking for any mone"
May 6, 2012 | 01:59 AM
Lottery Scam: Video about receiving a fake lottery check with your name on it" hi this is my detiales is in any lottery please send me my emailTOYOTA AUTOMOBILES COMPANY BURNASTON A38/A50, DERYSHIRE, EAST MIDLANDS DE1 9TA UNITED KINGDOM (Customers Care Line) 350,000.00GBP Thre"
May 6, 2012 | 01:52 AM
Lottery Scam: Video about receiving a fake lottery check with your name on it"hi this is sana please check my email name is in any lottery"
May 5, 2012 | 10:33 AM
419 Scam: Claim your money from "DIPLOMATIC COURIER SERVICE COMPANY""a man named Gen. James C. Boozer found my name in skype. He said he was on a mssion as a peace keeping officer in Kabul, Afganistan. He let me fall in love with him-and later he asked me to look for"
May 5, 2012 | 01:40 AM
Lottery Scam: Shell Petroleum Development Company"Hello! I have received an email from shell petroleums on 11 April 2012 in which you have mentioned that my email id has emerged as a lucky one and thus i will be awarded a cash prize of five h"
May 4, 2012 | 01:16 PM
How And Why Most Of All Online Income Opportunities Are Scams"Forget all these scams most of these websites where you pay money to learn how to do something is free somewhere on the internet to teach you I have found something absolutely free and fun... It is c"
May 4, 2012 | 11:25 AM
Is Survey Spot a Scam"The problem I've found with survey spot is that they constantly send me survey opportunities, I begin them and then they tell me I do not qualify for the cash incentive. Sometimes, I get pretty far "
May 4, 2012 | 10:37 AM
Online Dating Scams: What to Look for and How to Protect Yourself"Sofian Carlos, just the another name of this scammer CARLOS ALEXANDER, THIS GUY IS THE BIGGEST SCAMMER IN MALAYSIA, JUST WONDERING STILL WALK FREE"
May 4, 2012 | 04:32 AM
Submit Scam Report 2011 - 2012"Hi LourensI received the same type of offer for employement and had a bad feeling about it. I started investigating the set-up and have the same questions you have. What really made me think is that t"
May 3, 2012 | 08:35 PM
Bank of America Scam"i believe i am being scamed. i deposited a bank of america check into my account today$4850. a company (i can't find it on the computer) calling its self mega assurance from england says i won $100,00"
May 3, 2012 | 06:47 AM
Lottery Scam: Fake Shell Petroleum Development Company Malaysia Lottery"I also got the same contract letter, please advise how can I know whether is or what?Even though it is signed by different person, not the one mentioned in the above email. Right now the next step "
May 3, 2012 | 02:30 AM
Scam: Fake Steve Jobs Charitable Foundation"Oh boy! It is like you understand my mind! You seem to know a lot about this, just like you wrote the book in it or sehitmong. I think that you can do with some images to drive the message home a bit,"
May 2, 2012 | 05:23 PM
Complaint on Pandora-DIY - Updated"There are no programs, there is only this aelgess principal: If you want to make money, provide value to other people. If you are looking for a program, then you are asking to be sold to. The people s"
May 2, 2012 | 01:20 PM
Yorkie Puppy Scam"The baby will be fine while you are at school I adpeotd my chihuahua when she was just 6 weeks old . I put her in the bathroom with towels all over the floor while i went to work and that was 8 hours"
May 2, 2012 | 11:41 AM
Nigerian Love Scammers Busted in Malaysia!"Hi,Ive met this guy online..www.badoo.com hes name is Raymond Cohen and said he is a Liuetent Colonel mARINE corps..Intelligence army..now hes story goes like he send me amount of money by a courier n"
May 2, 2012 | 01:08 AM
Online Dating Scams: What to Look for and How to Protect Yourself"It has been awhile since you posted, are you still speaking with this man? Any question for money or woe is me story come up yet? I ask because I am going through a very similar situation, and your "
May 2, 2012 | 12:49 AM
Nigerian Love Scammers Busted in Malaysia!"i would like to know more because i am going thru rite now.. the other party have not said anything but have mention some documents need to be verified by me which put me in puzzled now.. so please up"
your help would be appreciated. rexb@vtc.net
Obrigada pelo ótimo presente que me enviou.