Velocity Reviews - Computer Hardware Reviews


Suspicious Email

 
 
peterwn
Guest
Posts: n/a
 
      03-01-2012
Received this email overnight:
"I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."

It is of course a straight out scam, especially when the person concerned was in Wellington last night!

The email came from (E-Mail Removed) [name changed] and I have a friend with same but email address (E-Mail Removed) . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.

The (E-Mail Removed) address seems to have been improperly obtained.

What would be the best course of action? Is Microsoft likely to be interested in following this up?
 
 
 
 
 
peterwn
Guest
Posts: n/a
 
      03-01-2012
On Friday, March 2, 2012 9:43:28 AM UTC+13, Allistar wrote:
> peterwn wrote:
>
> > Received this email overnight:
> > "I really did not want to disturb you with this but I had no one else to
> > turn to. I'm in barcelona, to see my cousin who lives here. He's
> > critically ill and needs family support. ............. Any amount will be
> > accepted with gratitude and paid back after the surgery.Please let me know
> > how much you can loan to me and I will provide you with the details to get
> > the money."
> >
> > It is of course a straight out scam, especially when the person concerned
> > was in Wellington last night!
> >
> > The email came from (E-Mail Removed) [name changed] and I have a
> > friend with same but email address (E-Mail Removed) . It is
> > either a straight out coincidence or someone has hacked a computer and got
> > a email address book containing both my and my friend's email addresses..
> >
> > The (E-Mail Removed) address seems to have been improperly obtained.
> >
> > What would be the best course of action? Is Microsoft likely to be
> > interested in following this up?

>
> Was that address simply the "replyTo" for the email? It's trivial to change
> that. Was it the "from"? That's trivial to change too.
>
> It's quite possible that your friend's computer had been hacked - especially
> if he runs an operating system from Microsoft (that's not intended to be a
> troll, just pointing out the overwhelmingly large chance it's true).
>
> You could confirm this by looking at the headers for the email and see what
> the path is. If it came from your friend's PC then the path of the email will
> be very close to that of a legitimate email from him.
> --
> A.

Thanks for your help so far.
Both 'from' and 'to' were (E-Mail Removed) , there was no reply-to. I obviously received it via a 'bcc'.

The false email came from 'hotmail':
Received: from snt0-omc1-s52.snt0.hotmail.com ([65.54.61.89])
by mxin2-orange.clear.net.nz with ESMTP; Fri, 02 Mar 2012 02:56:43 +1300
Received: from SNT130-W24 ([65.55.90.8]) by snt0-omc1-s52.snt0.hotmail.com with
Microsoft SMTPSVC(6.0.3790.4675); Thu, 01 Mar 2012 05:56:41 -0800

The 'from' path for two legitimate emails from my friend are:
Received: from col0-omc3-s16.col0.hotmail.com ([65.55.34.154])
by mxin3-orange.clear.net.nz with ESMTP; Fri, 17 Feb 2012 12:48:08 +1300
Received: from COL123-W4 ([65.55.34.135]) by col0-omc3-s16.col0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.4675); Thu, 16 Feb 2012 15:48:07 -0800
and:
Received: from col0-omc3-s16.col0.hotmail.com ([65.55.34.154])
by mxin1-orange.clear.net.nz with ESMTP; Mon, 30 Jan 2012 21:56:33 +1300
Received: from COL123-W60 ([65.55.34.137]) by col0-omc3-s16.col0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.4675); Mon, 30 Jan 2012 00:56:33 -0800

I do not know how Hotmail servers work, but it seems the dud email came from a different part of Hotmail than used for my friend's legitimate emails. I also wonder if 'msm.com' email addresses operate via Hotmail servers since both are Microsoft owned. Also it would appear to be more difficult to spoof addresses for emails sent via hotmail compared with a normal SMTP server.
 
Reply With Quote
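The header comparison discussed in the post above, as an added example (not written by any poster in this thread): it parses the Received lines quoted there and compares the hop recorded by the recipient's ISP for the suspect message and for one genuine message. The function names are illustrative, and matching on the last two labels of the host name is a simplifying assumption.

```python
import re
from email.utils import parsedate_to_datetime

# Received headers copied from the post above (newest hop first).
SUSPECT = """\
Received: from snt0-omc1-s52.snt0.hotmail.com ([65.54.61.89])
 by mxin2-orange.clear.net.nz with ESMTP; Fri, 02 Mar 2012 02:56:43 +1300
Received: from SNT130-W24 ([65.55.90.8]) by snt0-omc1-s52.snt0.hotmail.com with
 Microsoft SMTPSVC(6.0.3790.4675); Thu, 01 Mar 2012 05:56:41 -0800
"""
LEGIT = """\
Received: from col0-omc3-s16.col0.hotmail.com ([65.55.34.154])
 by mxin3-orange.clear.net.nz with ESMTP; Fri, 17 Feb 2012 12:48:08 +1300
Received: from COL123-W4 ([65.55.34.135]) by col0-omc3-s16.col0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675); Thu, 16 Feb 2012 15:48:07 -0800
"""

HOP = re.compile(r"from (\S+) \(\[([\d.]+)\]\) by (\S+) with [^;]*; (.+)")

def parse_hops(raw):
    """Return one dict per Received header, in the order they appear."""
    hops = []
    for chunk in raw.split("Received:")[1:]:
        m = HOP.search(" ".join(chunk.split()))   # unfold continuation lines
        if m:
            sender, ip, receiver, stamp = m.groups()
            hops.append({"from": sender.lower(), "ip": ip, "by": receiver.lower(),
                         "when": parsedate_to_datetime(stamp)})
    return hops

def compare_paths(suspect_raw, reference_raw):
    """Compare hops[0] of each message: the one Received line added by the
    recipient's own provider rather than by the sending side."""
    s, r = parse_hops(suspect_raw), parse_hops(reference_raw)
    s_edge, r_edge = s[0]["from"].split("."), r[0]["from"].split(".")
    return {
        # Naive two-label suffix match (assumption). The host name may be the
        # relay's own claim; the bracketed IP is what the receiver observed.
        "same_provider": s_edge[-2:] == r_edge[-2:],
        "same_relay": s[0]["from"] == r[0]["from"],
        "same_site": s_edge[1] == r_edge[1],       # e.g. snt0 vs col0
        "edge_ips": (s[0]["ip"], r[0]["ip"]),
        "transit_seconds": (s[0]["when"] - s[-1]["when"]).total_seconds(),
    }

if __name__ == "__main__":
    print(compare_paths(SUSPECT, LEGIT))
```

For these headers the provider matches while the relay and site do not: the suspect message was handed to clear.net.nz by a hotmail.com relay, as the genuine ones were, but by a different one. That is consistent with the message having been submitted through Hotmail itself rather than through an unrelated SMTP server.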
 
 
 
 
Frank Williams
Guest
Posts: n/a
 
      03-02-2012
On Thu, 1 Mar 2012 12:38:59 -0800 (PST), peterwn
<(E-Mail Removed)> wrote:

>Received this email overnight:
>"I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
>
>It is of course a straight out scam, especially when the person concerned was in Wellington last night!
>
>The email came from (E-Mail Removed) [name changed] and I have a friend with same but email address (E-Mail Removed) . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
>
>The (E-Mail Removed) address seems to have been improperly obtained.
>
>What would be the best course of action? Is Microsoft likely to be interested in following this up?




Just forget it, this is very normal and happens all the time
 
 
Gordon
Guest
Posts: n/a
 
      03-02-2012
On 2012-03-01, peterwn <(E-Mail Removed)> wrote:
> Received this email overnight:
> "I really did not want to disturb you with this but I had no one else to turn to.
> I'm in barcelona, to see my cousin who lives here. He's critically ill and needs
> family support. ............. Any amount will be accepted with gratitude and
> paid back after the surgery.Please let me know how much you can loan to me and
> I will provide you with the details to get the money."
>
> It is of course a straight out scam, especially when the person concerned was in Wellington last night!
>
> The email came from (E-Mail Removed) [name changed] and I have a friend with same but email address (E-Mail Removed) . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
>
> The (E-Mail Removed) address seems to have been improperly obtained.
>
> What would be the best course of action? Is Microsoft likely to be interested in following this up?


If it adds to their bottom line then yes, maybe.

I am with Frank on this, just move on.

The spammer probably sent out *@msn.com. I mean after all hotmail and msn are
hardly your minority ISP are they?

The spammer wants $, as do we all.
 
 
Peter Huebner
Guest
Posts: n/a
 
      03-02-2012
In article <13081212.664.1330634339117.JavaMail.geo-discussion-
forums@ynel5>, (E-Mail Removed) says...
>
> Received this email overnight:
> "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
>
> It is of course a straight out scam, especially when the person concerned was in Wellington last night!
>
> The email came from (E-Mail Removed) [name changed] and I have a friend with same but email address (E-Mail Removed) . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
>
> The (E-Mail Removed) address seems to have been improperly obtained.
>
> What would be the best course of action? Is Microsoft likely to be interested in following this up?



In my experience these things come at once removed. I.e. somebody with
(most likely) internet explorer and outlook has been hacked. They had
your friend Joe in the address book and the hackers have used what they
have pilfered from that person's address book to send out emails under
Joe's name so that they might pass muster at first glance.

It has happened this way to at least 3 people that I've come across.
Always been ms-software exploits. I think it's unlikely that they
actually hacked into hotmail/msn servers.

In other words: there's probably jack **** you can do about it, just
ride it out until they start using somebody else's hacked addressbook.
They never stay on one address for very long at all as far as I've been
able to observe.

-P.
 
 
Ralph Fox
Guest
Posts: n/a
 
      03-02-2012
On Thu, 1 Mar 2012 12:38:59 -0800 (PST), in message <13081212.664.1330634339117.JavaMail.geo-discussion-forums@ynel5>
peterwn wrote:

> Received this email overnight:
> "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
>
> It is of course a straight out scam, especially when the person concerned was in Wellington last night!
>
> The email came from (E-Mail Removed) [name changed] and I have a friend with same but email address (E-Mail Removed) . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
>
> The (E-Mail Removed) address seems to have been improperly obtained.
>
> What would be the best course of action? Is Microsoft likely to be interested in following this up?



I received an email 6 weeks ago, "from" a friend's hotmail address.
The Received headers indicated it was sent though Hotmail servers
(apparently the Hotmail web interface) by someone with an IP address
in mainland China.

While it is trivial to change a "from" address in an SMTP client,
one might think Hotmail could perform some validation on people
using its web interface.

Like you, I also wondered whether the email address was improperly
obtained.

FWIW the email I received was not a scam like yours, it was an
advertisement. The language told me immediately that it was not
the friend...


| Dear friends:
| i have bought one iphone from china with the lower price,i got it within
| 3 days,so fast!and i am very satisfactory with
| their service and its quality!
| also their company sales many other good electronics!pls be hurry to
| vivsit their site!and you will find the big suprise!www.********.***


--
Kind regards
Ralph
 
 
peterwn
Guest
Posts: n/a
 
      03-02-2012
On Mar 2, 9:38 am, peterwn <(E-Mail Removed)> wrote:
<snip>
Got to the bottom of it. My friend's hotmail account was hijacked. I
emailed to that account warning my friend, and got back a reply from the
fraudster wondering when I would send the money by Western Union. Poor
friend is rather red faced and been deluged with phone calls from mailing
list contacts who also had dud messages.

 
 
~misfit~
Guest
Posts: n/a
 
      03-03-2012
Somewhere on teh intarwebs Peter Huebner wrote:
> In article <13081212.664.1330634339117.JavaMail.geo-discussion-
> forums@ynel5>, (E-Mail Removed) says...
>>
>> Received this email overnight:
>> "I really did not want to disturb you with this but I had no one
>> else to turn to. I'm in barcelona, to see my cousin who lives here.
>> He's critically ill and needs family support. ............. Any
>> amount will be accepted with gratitude and paid back after the
>> surgery.Please let me know how much you can loan to me and I will
>> provide you with the details to get the money."
>>
>> It is of course a straight out scam, especially when the person
>> concerned was in Wellington last night!
>>
>> The email came from (E-Mail Removed) [name changed] and I have
>> a friend with same but email address (E-Mail Removed) . It
>> is either a straight out coincidence or someone has hacked a
>> computer and got a email address book containing both my and my
>> friend's email addresses.
>>
>> The (E-Mail Removed) address seems to have been improperly
>> obtained.
>>
>> What would be the best course of action? Is Microsoft likely to be
>> interested in following this up?

>
>
> In my experience these things come at once removed. I.e. somebody with
> (most likely) internet explorer and outlook has been hacked. They had
> your friend Joe in the address book and the hackers have used what
> they have pilfered from that person's address book to send out emails
> under Joe's name so that they might pass muster at first glance.
>
> It has happened this way to at least 3 people that I've come across.
> Always been ms-software exploits. I think it's unlikely that they
> actually hacked into hotmail/msn servers.
>
> In other words: there's probably jack **** you can do about it, just
> ride it out until they start using somebody else's hacked addressbook.
> They never stay on one address for very long at all as far as I've
> been able to observe.


Hi Peter,

A friend of mine had his Hotmail account hacked and I got messages for about
a year, on and off, from that account. I'd say that the hackers must have
had some bites from his address book (he was a prolific emailer, and
young..) so kept mining it.
--
Shaun.

"Humans will have advanced a long, long, way when religious belief has a
cozy little classification in the DSM."
David Melville (in r.a.s.f1)


 
 
Dave Doe
Guest
Posts: n/a
 
      03-04-2012
In article <13081212.664.1330634339117.JavaMail.geo-discussion-
forums@ynel5>, (E-Mail Removed), peterwn says...
>
> Received this email overnight:
> "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
>
> It is of course a straight out scam, especially when the person concerned was in Wellington last night!
>
> The email came from (E-Mail Removed) [name changed] and I have a friend with same but email address (E-Mail Removed) . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
>
> The (E-Mail Removed) address seems to have been improperly obtained.
>
> What would be the best course of action? Is Microsoft likely to be interested in following this up?


Just e-mail yer joe bloggs man and tell him to change his password -
suggest he uses a better one in future!

--
Duncan.
 
 
Dave Doe
Guest
Posts: n/a
 
      03-04-2012
In article <136b88d8-eb43-47b6-845e-d031927919e3
@k29g2000yqc.googlegroups.com>, (E-Mail Removed), peterwn says...
>
> On Mar 2, 9:38 am, peterwn <(E-Mail Removed)> wrote:
> <snip>
> Got to the bottom of it. My friend's hotmail account was hijacked. I
> emailed
> to that account warning my friend, and got back a reply from the
> fraudster
> wondering when i would send the money by Western Union. Poor friend is
> rather red faced and been deluged with phone calls from mailing list
> contacts who also had dud messages.


Yep, quite common - a result of too many folk having very poor
passwords. The hackers don't 'hi-jack' the account to the extent of
changing the password (that would tip off the account holder) - and just
happily use it to send out such malicious e-mails to the account
holder's contacts.

New password - fixed!

As said, suggest they use a stronger password in future!

--
Duncan.
 
 
 
 