Inept phishing
Jun. 26th, 2007 08:46 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
altivoMore and more of the spam e-mail I actually see consists of phishing attempts of one sort or another. Whether this is because the other kinds of spam are declining or just that they are easier for the spam traps to filter out, I don't really know.
Occasionally (and with increasing frequency) I see phishing spam that is so ineptly and maladroitly created that I can't believe even the lowest of morons would fall for it. Witness today's example behind cut if you wish.
Return-Path: <admin@security.com>
Received: from noehlo.host ([127.0.0.1])
by mx-herron.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1i3eFZ5VS3Nl34a3; Tue, 26 Jun 2007 13:18:03 -0400 (EDT)
Received: from omta05ps.mx.bigpond.com ([144.140.83.195])
by mx-herron.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1i3eFX7Bh3Nl34a0
for <...>; Tue, 26 Jun 2007 13:18:02 -0400 (EDT)
Received: from oaamta07ps.mx.bigpond.com ([203.42.215.234])
by omta05ps.mx.bigpond.com with ESMTP
id <20070626171800.IQEM1743.omta05ps.mx.bigpond.com@oaamta07ps.mx.bigpond.com>;
Tue, 26 Jun 2007 17:18:00 +0000
Received: from mail.swimming.org.au ([203.42.215.234])
by oaamta07ps.mx.bigpond.com with ESMTP
id <20070626171800.FESX5648.oaamta07ps.mx.bigpond.com@mail.swimming.org.au>;
Tue, 26 Jun 2007 17:18:00 +0000
Received: from User ([220.232.155.10]) by mail.swimming.org.au with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 27 Jun 2007 03:21:16 +1000
From: "Amazon.com"<admin@security.com>
Subject: New email address added to your account!
Date: Wed, 27 Jun 2007 01:17:56 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <asiserverkfqrwgg5oo000001dd@mail.swimming.org.au>
X-OriginalArrivalTime: 26 Jun 2007 17:21:17.0171 (UTC) FILETIME=[67AFBC30:01C7B816]
X-ELNK-Received-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=0b; sbw=000;
You have added richard.fr@yahoo.com as a new email address for your Flagstar Bank account.
If you did not authorize this change or if you need assistance with your account, please contact Amazon.Inc customer service at:
http://203.237.176.3/EPageCampus/amz/index.html
Thank you for using Amazon.Inc!
The Amazon.Inc Team !
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Amazon account and choose the "Help" link in the header of any page.
It appears to me that we have spammers who are the equivalent of the "script kiddies", using some sort of script provided by (or sold to them, more likely, by another scam artist) that is supposed to help them make tens of thousands a week by phishing for suckers. And they understand so little of how the scheme works that they make fools of themselves like this. A message "from" Amazon that has no amazon domain at all in the routing trace, nor in the return address, and telling you not about an Amazon account issue but rather about Flagstar Bank? And encouraging you to click a link that isn't even thinly disguised? Anyone stupid enough to fall for this sort of crap deserves to have their bank account vacuumed out, their brains removed through an eyedropper (assuming they can be found), and their identity stolen (but who would want it?)
Occasionally (and with increasing frequency) I see phishing spam that is so ineptly and maladroitly created that I can't believe even the lowest of morons would fall for it. Witness today's example behind cut if you wish.
Return-Path: <admin@security.com>
Received: from noehlo.host ([127.0.0.1])
by mx-herron.atl.sa.earthlink.net (EarthLink SMTP Server) with SMTP id 1i3eFZ5VS3Nl34a3; Tue, 26 Jun 2007 13:18:03 -0400 (EDT)
Received: from omta05ps.mx.bigpond.com ([144.140.83.195])
by mx-herron.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1i3eFX7Bh3Nl34a0
for <...>; Tue, 26 Jun 2007 13:18:02 -0400 (EDT)
Received: from oaamta07ps.mx.bigpond.com ([203.42.215.234])
by omta05ps.mx.bigpond.com with ESMTP
id <20070626171800.IQEM1743.omta05ps.mx.bigpond.com@oaamta07ps.mx.bigpond.com>;
Tue, 26 Jun 2007 17:18:00 +0000
Received: from mail.swimming.org.au ([203.42.215.234])
by oaamta07ps.mx.bigpond.com with ESMTP
id <20070626171800.FESX5648.oaamta07ps.mx.bigpond.com@mail.swimming.org.au>;
Tue, 26 Jun 2007 17:18:00 +0000
Received: from User ([220.232.155.10]) by mail.swimming.org.au with Microsoft SMTPSVC(6.0.3790.3959);
Wed, 27 Jun 2007 03:21:16 +1000
From: "Amazon.com"<admin@security.com>
Subject: New email address added to your account!
Date: Wed, 27 Jun 2007 01:17:56 +0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <asiserverkfqrwgg5oo000001dd@mail.swimming.org.au>
X-OriginalArrivalTime: 26 Jun 2007 17:21:17.0171 (UTC) FILETIME=[67AFBC30:01C7B816]
X-ELNK-Received-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=0b; sbw=000;
You have added richard.fr@yahoo.com as a new email address for your Flagstar Bank account.
If you did not authorize this change or if you need assistance with your account, please contact Amazon.Inc customer service at:
http://203.237.176.3/EPageCampus/amz/index.html
Thank you for using Amazon.Inc!
The Amazon.Inc Team !
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Amazon account and choose the "Help" link in the header of any page.
It appears to me that we have spammers who are the equivalent of the "script kiddies", using some sort of script provided by (or sold to them, more likely, by another scam artist) that is supposed to help them make tens of thousands a week by phishing for suckers. And they understand so little of how the scheme works that they make fools of themselves like this. A message "from" Amazon that has no amazon domain at all in the routing trace, nor in the return address, and telling you not about an Amazon account issue but rather about Flagstar Bank? And encouraging you to click a link that isn't even thinly disguised? Anyone stupid enough to fall for this sort of crap deserves to have their bank account vacuumed out, their brains removed through an eyedropper (assuming they can be found), and their identity stolen (but who would want it?)
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-06-28 03:20 am (UTC)Ok, yeah, that's taking it further than i would have.