Olympus-OM

Subject: [OM] Warning fraudulent fake e-Bay activity for harvesting credit card information!
From: "Olaf Greve" <o.greve@xxxxxxx>
Date: Tue, 22 Jan 2002 11:07:51 +0100
Dear people at e-Bay, NAS, Qwest and AOL,

I have received a very cunning fraudulent e-mail, which has the intention to
commit credit card fraud. Please read this e-mail thoroughly, as your
companies are in one way or another being disabused by the person that sent
this e-mail, and people should be warned and protected against the
fraudulent actions of this person.

In brief summarisation:
e-Bay: Your name and page lay-out have been impersonated by someone, to
harvest credit card information.
NAS: The offending page resides at one of your machines (according to Visual
Route).
AOL: The offending URL resolves to an AOL member's page.
Qwest: the e-mail has a forged originating address of anonymous@xxxxxxxxx

All, please read on for the details, so proper action can be taken:

Supposedly, I had ordered something through e-Bay and it can be cancelled by
going to a mentioned URL.

Apart from not having ordered anything through e-Bay for a substantial
amount of time, it is obvious that this is spam e-mail. Normally I simply
disregard such e-mails, but, in this case, I feel the content to be severe
enough to bring it to your attention.

The case is that when one goes to the mentioned URL (i.e.:
http://www.eBay.com-order.fw.nu (which is obviously a fake)), one receives
an encrypted HTML page, that is decrypted by Javascript (check the page's
source for more details), that outputs a fake e-Bay page, using the e-Bay
page's layout. On this page one is prompted to enter their credit card
information and submit it!

Obviously this is a money stealing scheme, against which people need to be
protected.

Using visualroute, I managed to track the location of the site down to a
machine owned by Network Access Solutions (I.P. address: 66.95.89.46) in
Virginia, USA.

By looking at the page properties, it becomes obvious that the actual URL
is: http://members.aol.com/cullcrow/

Using Hotmail's "advanced" header settings, I managed to get the full
e-mail including the headers; it follows down below between the asterisks:

****************************************************************************************
>From anonymous@xxxxxxxxx Fri, 18 Jan 2002 15:32:39 -0800
Received: from [63.225.135.3] by hotmail.com (3.2) with ESMTP id
  MHotMailBE11FB430056400437633FE187030D2D0; Fri, 18 Jan 2002 15:31:16 -0800
Received: (qmail 70174 invoked by uid 17413); 18 Jan 2002 23:31:07 -0000
Date: 18 Jan 2002 23:31:07 -0000
Message-ID: <20020118233107.70173.qmail@xxxxxxxxxxxxxxxxxxxxx>
To: ogreone@xxxxxxxxxxx, ogreou812@xxxxxxxxxxx, ogrep@xxxxxxxxxxxxx,
  ogrepunk@xxxxxxxxxxx, ogres@xxxxxxxxxxx, ogres@xxxxxxx,
  ogres1@xxxxxxxxxxx,
  ogresen@xxxxxxx, ogresk@xxxxxxxxxxxxx, ogresko@xxxxxxxxxxx,
  ogreslayer@xxxxxxxxxxxxx, ogreslayer@xxxxxxxxxxx, ogresnoot@xxxxxxxxxxx,
  ogreson@xxxxxxxxxxx, ogress@xxxxxxxxxxx, ogress@xxxxxxx,
  ogress-one@xxxxxxx,
  ogresss@xxxxxxxxxxx, ogreta@xxxxxxxxxxx, ogretchen@xxxxxxxxxxx,
  ogretech@xxxxxxxxxxxxx, ogrethorp@xxxxxxx, ogretmen@xxxxxxxxxxx,
  ogretmen@xxxxxxx, ogreto@xxxxxxxxxxx, ogretta@xxxxxxxxxxx,
  ogrette@xxxxxxxxxxx, ogreve@xxxxxxxxxxx, ogrew@xxxxxxxxxxx,
  ogrewe@xxxxxxxxxxx, ogrewolf@xxxxxxxxxxx, ogrex@xxxxxxxxxxx,
  ogrex@xxxxxxx,
  ogrey@xxxxxxxxxxx, ogrey@xxxxxxx, ogreyna@xxxxxxxxxxx,
  ogreynolds@xxxxxxxxxxx, ogreynolds@xxxxxxxxxxxxxx, ogrf@xxxxxxxxxxx,
  ogrg@xxxxxxxxxxx
From: CustomerSupportCenter@xxxxxxxx ()
Subject: eBay.com:     Information Approved!
.</html><font ptsize=1><body link=#fefefe><font color=#fefefe>

Below is the result of your feedback form.  It was submitted by
 (CustomerSupportCenter@xxxxxxxx) on Friday, January 18, 2002 at 23:31:07
---------------------------------------------------------------------------

msg: <body link=#0000FF>Dear eBay Customer:

     We at eBay services would like to take the time to thank you for making
your purchase with us.  Your purchase '#9SS92J2J-39SA,' will be shipped to
your current billing address within the next 2-3 business day's.

     If you feel that you have received this email in error and did not
purchase any items, go to our Order Cancellation page and fill out the
proper information to cancel the order.

Order Cancellation page:

http://www.eBay.com-order.fw.nu

Customer Services,
eBay Sales.

---------------------------------------------------------------------------

****************************************************************************************

Can you please take action, and keep me informed of the status?

Thank you in advance, and with kind regards,
Olaf Greve


< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
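
The hostname in the message above, `www.eBay.com-order.fw.nu`, starts with the brand's domain but is not under it. The following is an added example, not part of the original message, showing one way a mail filter could flag such links; the `BRANDS` list and the function names are assumptions, and the check also covers a brand name placed in the userinfo part of a URL, which goes beyond the case in the report.

```python
import re
from urllib.parse import urlsplit

# Assumption: the brand domains this check protects; extend as needed.
BRANDS = ("ebay.com",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def imitated_brand(url, brands=BRANDS):
    """Return the brand a URL's authority imitates, or None if it is clean."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:          # malformed authority, e.g. bad IPv6 brackets
        return None
    # Tokens of the whole authority, so a brand placed in the userinfo
    # part ("brand@otherhost") is seen as well as one placed in a label.
    tokens = set(re.split(r"[.\-@:]", parts.netloc.lower()))
    for brand in brands:
        if host == brand or host.endswith("." + brand):
            return None         # genuinely under the brand's domain
    for brand in brands:
        if brand.split(".")[0] in tokens:
            return brand        # brand name present, but host is elsewhere
    return None


def suspicious_urls(text, brands=BRANDS):
    """List (url, host, brand) for every brand-imitating URL in text."""
    hits = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;)")
        brand = imitated_brand(url, brands)
        if brand:
            hits.append((url, urlsplit(url).hostname, brand))
    return hits


# Constructed sample: the two URLs quoted in the report plus a genuine
# eBay URL (the last one is made up for contrast).
SAMPLE = """Order Cancellation page:
http://www.eBay.com-order.fw.nu
Page properties show: http://members.aol.com/cullcrow/
Genuine site: http://www.ebay.com/help
"""

if __name__ == "__main__":
    for url, host, brand in suspicious_urls(SAMPLE):
        print(f"{url} -> host {host} is not under {brand}")
```

The AOL member URL is not flagged, because nothing in its hostname imitates the brand; a name-based check only catches the lure link, not the page it forwards to.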

