Suspicious Email

Discussion in 'NZ Computing' started by peterwn, Mar 1, 2012.

  1. peterwn

    peterwn Guest

    Received this email overnight:
    "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."

    It is of course a straight out scam, especially when the person concerned was in Wellington last night!

    The email came from [name changed] and I have a friend with same but email address . It is either a straight out coincidence or someone has hacked a computer and got an email address book containing both my and my friend's email addresses.

    The address seems to have been improperly obtained.

    What would be the best course of action? Is Microsoft likely to be interested in following this up?
     
    peterwn, Mar 1, 2012
    #1

  2. peterwn

    peterwn Guest

    On Friday, March 2, 2012 9:43:28 AM UTC+13, Allistar wrote:
    > peterwn wrote:
    >
    > > Received this email overnight:
    > > "I really did not want to disturb you with this but I had no one else to
    > > turn to. I'm in barcelona, to see my cousin who lives here. He's
    > > critically ill and needs family support. ............. Any amount will be
    > > accepted with gratitude and paid back after the surgery.Please let me know
    > > how much you can loan to me and I will provide you with the details to get
    > > the money."
    > >
    > > It is of course a straight out scam, especially when the person concerned
    > > was in Wellington last night!
    > >
    > > The email came from [name changed] and I have a
    > > friend with same but email address . It is
    > > either a straight out coincidence or someone has hacked a computer and got
    > > a email address book containing both my and my friend's email addresses..
    > >
    > > The address seems to have been improperly obtained.
    > >
    > > What would be the best course of action? Is Microsoft likely to be
    > > interested in following this up?

    >
    > Was that address simply the "replyTo" for the email? It's trivial to change
    > that. Was it the "from"? That's trivial to change too.
    >
    > It's quite possible that your friend's computer had been hacked - especially
    > if he runs an operating system from Microsoft (that's not intended to be a
    > troll, just pointing out the overwhelmingly large chance it's true).
    >
    > You could confirm this by looking at the headers for the email and see what
    > the path is. If it came from your friend's PC then the path of the email will
    > be very close to that of a legitimate email from him.
    > --
    > A.

    Thanks for your help so far.
    Both 'from' and 'to' were , there was no reply-to. I obviously received it via a 'bcc'.

    The false email came from 'hotmail':
    Received: from snt0-omc1-s52.snt0.hotmail.com ([65.54.61.89])
    by mxin2-orange.clear.net.nz with ESMTP; Fri, 02 Mar 2012 02:56:43 +1300
    Received: from SNT130-W24 ([65.55.90.8]) by snt0-omc1-s52.snt0.hotmail.com with
    Microsoft SMTPSVC(6.0.3790.4675); Thu, 01 Mar 2012 05:56:41 -0800

    The 'from' path for two legitimate emails from my friend are:
    Received: from col0-omc3-s16.col0.hotmail.com ([65.55.34.154])
    by mxin3-orange.clear.net.nz with ESMTP; Fri, 17 Feb 2012 12:48:08 +1300
    Received: from COL123-W4 ([65.55.34.135]) by col0-omc3-s16.col0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4675); Thu, 16 Feb 2012 15:48:07 -0800
    and:
    Received: from col0-omc3-s16.col0.hotmail.com ([65.55.34.154])
    by mxin1-orange.clear.net.nz with ESMTP; Mon, 30 Jan 2012 21:56:33 +1300
    Received: from COL123-W60 ([65.55.34.137]) by col0-omc3-s16.col0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4675); Mon, 30 Jan 2012 00:56:33 -0800

    I do not know how Hotmail servers work, but it seems the dud email came from a different part of Hotmail than used for my friend's legitimate emails. I also wonder if 'msm.com' email addresses operate via Hotmail servers since both are Microsoft owned. Also it would appear to be more difficult to spoof addresses for emails sent via hotmail compared with a normal SMTP server.
     
    peterwn, Mar 1, 2012
    #2
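
The header comparison done by eye in post #2, as an added example that is not part of the thread: the Received lines are copied from that post, while the function names and the choice of checks are assumptions made for illustration. It tests whether the suspect message left the same provider, hand-off server and origin IP as the two known-good messages.

```python
import re
from email.utils import parsedate_to_datetime

# Received headers copied from post #2, unfolded to one hop per string.
# Within a message the newest hop comes first.
SUSPECT = [
    "from snt0-omc1-s52.snt0.hotmail.com ([65.54.61.89]) "
    "by mxin2-orange.clear.net.nz with ESMTP; Fri, 02 Mar 2012 02:56:43 +1300",
    "from SNT130-W24 ([65.55.90.8]) by snt0-omc1-s52.snt0.hotmail.com "
    "with Microsoft SMTPSVC(6.0.3790.4675); Thu, 01 Mar 2012 05:56:41 -0800",
]
KNOWN_GOOD = [
    ["from col0-omc3-s16.col0.hotmail.com ([65.55.34.154]) "
     "by mxin3-orange.clear.net.nz with ESMTP; Fri, 17 Feb 2012 12:48:08 +1300",
     "from COL123-W4 ([65.55.34.135]) by col0-omc3-s16.col0.hotmail.com "
     "with Microsoft SMTPSVC(6.0.3790.4675); Thu, 16 Feb 2012 15:48:07 -0800"],
    ["from col0-omc3-s16.col0.hotmail.com ([65.55.34.154]) "
     "by mxin1-orange.clear.net.nz with ESMTP; Mon, 30 Jan 2012 21:56:33 +1300",
     "from COL123-W60 ([65.55.34.137]) by col0-omc3-s16.col0.hotmail.com "
     "with Microsoft SMTPSVC(6.0.3790.4675); Mon, 30 Jan 2012 00:56:33 -0800"],
]

HOP = re.compile(r"from (?P<src>\S+) \(\[(?P<ip>[\d.]+)\]\) "
                 r"by (?P<by>\S+) with .*; (?P<date>.+)$")

def parse_hop(header):
    """Split one Received header into sender host, IP, receiver and time."""
    m = HOP.search(" ".join(header.split()))  # collapse folded whitespace
    if not m:
        raise ValueError("unrecognised Received format: %r" % header)
    return {"src": m["src"].lower(), "ip": m["ip"], "by": m["by"].lower(),
            "date": parsedate_to_datetime(m["date"])}

def provider(host):
    # Crude: last two DNS labels. Right for hotmail.com, wrong for e.g. co.nz.
    return ".".join(host.split(".")[-2:])

def compare(suspect, baseline):
    """Compare a suspect message's relay path with known-good messages."""
    s = [parse_hop(h) for h in suspect]
    good = [[parse_hop(h) for h in msg] for msg in baseline]
    handoff, origin = s[0]["src"], s[-1]  # newest hop, oldest hop
    known_handoffs = {msg[0]["src"] for msg in good}
    return {
        "same_provider": provider(handoff) in {provider(h) for h in known_handoffs},
        "handoff_seen_before": handoff in known_handoffs,
        "origin_ip_seen_before": origin["ip"] in {msg[-1]["ip"] for msg in good},
        "transit_seconds": (s[0]["date"] - origin["date"]).total_seconds(),
    }

if __name__ == "__main__":
    print(compare(SUSPECT, KNOWN_GOOD))
```

For these headers the provider matches but the hand-off server and origin IP do not, which is consistent with a message submitted through Hotmail itself rather than forged from an outside SMTP server. Only the top hop, written by the recipient's own ISP, is outside the sender's control, so lower hops are a weaker signal.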

  3. On Thu, 1 Mar 2012 12:38:59 -0800 (PST), peterwn
    <> wrote:

    >Received this email overnight:
    >"I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
    >
    >It is of course a straight out scam, especially when the person concerned was in Wellington last night!
    >
    >The email came from [name changed] and I have a friend with same but email address . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
    >
    >The address seems to have been improperly obtained.
    >
    >What would be the best course of action? Is Microsoft likely to be interested in following this up?




    Just forget it, this is very normal and happens all the time
     
    Frank Williams, Mar 2, 2012
    #3
  4. peterwn

    Gordon Guest

    On 2012-03-01, peterwn <> wrote:
    > Received this email overnight:
    > "I really did not want to disturb you with this but I had no one else to turn to.
    > I'm in barcelona, to see my cousin who lives here. He's critically ill and needs
    > family support. ............. Any amount will be accepted with gratitude and
    > paid back after the surgery.Please let me know how much you can loan to me and
    > I will provide you with the details to get the money."
    >
    > It is of course a straight out scam, especially when the person concerned was in Wellington last night!
    >
    > The email came from [name changed] and I have a friend with same but email address . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
    >
    > The address seems to have been improperly obtained.
    >
    > What would be the best course of action? Is Microsoft likely to be interested in following this up?


    If it adds to their bottom line then yes, maybe.

    I am with Frank on this, just move on.

    The spammer probably sent out *@msn.com. I mean after all hotmail and msn are
    hardly your minority ISP are they?

    The spammer wants $, as do we all.
     
    Gordon, Mar 2, 2012
    #4
  5. In article <13081212.664.1330634339117.JavaMail.geo-discussion-
    forums@ynel5>, says...
    >
    > Received this email overnight:
    > "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
    >
    > It is of course a straight out scam, especially when the person concerned was in Wellington last night!
    >
    > The email came from [name changed] and I have a friend with same but email address . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
    >
    > The address seems to have been improperly obtained.
    >
    > What would be the best course of action? Is Microsoft likely to be interested in following this up?



    In my experience these things come at once removed. I.e. somebody with
    (most likely) internet explorer and outlook has been hacked. They had
    your friend Joe in the address book and the hackers have used what they
    have pilfered from that person's address book to send out emails under
    Joe's name so that they might pass muster at first glance.

    It has happened this way to at least 3 people that I've come across.
    Always been ms-software exploits. I think it's unlikely that they
    actually hacked into hotmail/msn servers.

    In other words: there's probably jack shit you can do about it, just
    ride it out until they start using somebody else's hacked addressbook.
    They never stay on one address for very long at all as far as I've been
    able to observe.

    -P.
     
    Peter Huebner, Mar 2, 2012
    #5
  6. peterwn

    Ralph Fox Guest

    On Thu, 1 Mar 2012 12:38:59 -0800 (PST), in message <13081212.664.1330634339117.JavaMail.geo-discussion-forums@ynel5>
    peterwn wrote:

    > Received this email overnight:
    > "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
    >
    > It is of course a straight out scam, especially when the person concerned was in Wellington last night!
    >
    > The email came from [name changed] and I have a friend with same but email address . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
    >
    > The address seems to have been improperly obtained.
    >
    > What would be the best course of action? Is Microsoft likely to be interested in following this up?



    I received an email 6 weeks ago, "from" a friend's hotmail address.
    The Received headers indicated it was sent though Hotmail servers
    (apparently the Hotmail web interface) by someone with an IP address
    in mainland China.

    While it is trivial to change a "from" address in an SMTP client,
    one might think Hotmail could perform some validation on people
    using its web interface.

    Like you, I also wondered whether the email address was improperly
    obtained.

    FWIW the email I received was not a scam like yours, it was an
    advertisement. The language told me immediately that it was not
    the friend...


    | Dear friends:
    | i have bought one iphone from china with the lower price,i got it within
    | 3 days,so fast!and i am very satisfactory with
    | their service and its quality!
    | also their company sales many other good electronics!pls be hurry to
    | vivsit their site!and you will find the big suprise!www.********.***


    --
    Kind regards
    Ralph
     
    Ralph Fox, Mar 2, 2012
    #6
  7. peterwn

    peterwn Guest

    On Mar 2, 9:38 am, peterwn <> wrote:
    <snip>
    Got to the bottom of it. My friend's hotmail account was hijacked. I
    emailed to that account warning my friend, and got back a reply from the
    fraudster wondering when I would send the money by Western Union. Poor
    friend is rather red faced and been deluged with phone calls from mailing
    list contacts who also had dud messages.
     
    peterwn, Mar 2, 2012
    #7
  8. peterwn

    ~misfit~ Guest

    Somewhere on teh intarwebs Peter Huebner wrote:
    > In article <13081212.664.1330634339117.JavaMail.geo-discussion-
    > forums@ynel5>, says...
    >>
    >> Received this email overnight:
    >> "I really did not want to disturb you with this but I had no one
    >> else to turn to. I'm in barcelona, to see my cousin who lives here.
    >> He's critically ill and needs family support. ............. Any
    >> amount will be accepted with gratitude and paid back after the
    >> surgery.Please let me know how much you can loan to me and I will
    >> provide you with the details to get the money."
    >>
    >> It is of course a straight out scam, especially when the person
    >> concerned was in Wellington last night!
    >>
    >> The email came from [name changed] and I have
    >> a friend with same but email address . It
    >> is either a straight out coincidence or someone has hacked a
    >> computer and got a email address book containing both my and my
    >> friend's email addresses.
    >>
    >> The address seems to have been improperly
    >> obtained.
    >>
    >> What would be the best course of action? Is Microsoft likely to be
    >> interested in following this up?

    >
    >
    > In my experience these things come at once removed. I.e. somebody with
    > (most likely) internet explorer and outlook has been hacked. They had
    > your friend Joe in the address book and the hackers have used what
    > they have pilfered from that person's address book to send out emails
    > under Joe's name so that they might pass muster at first glance.
    >
    > It has happened this way to at least 3 people that I've come across.
    > Always been ms-software exploits. I think it's unlikely that they
    > actually hacked into hotmail/msn servers.
    >
    > In other words: there's probably jack shit you can do about it, just
    > ride it out until they start using somebody else's hacked addressbook.
    > They never stay on one address for very long at all as far as I've
    > been able to observe.


    Hi Peter,

    A friend of mine had his Hotmail account hacked and I got messages for about
    a year, on and off, from that account. I'd say that the hackers must have
    had some bites from his address book (he was a prolific emailer, and
    young..) so kept mining it.
    --
    Shaun.

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1)
     
    ~misfit~, Mar 3, 2012
    #8
  9. peterwn

    Dave Doe Guest

    In article <13081212.664.1330634339117.JavaMail.geo-discussion-
    forums@ynel5>, , peterwn says...
    >
    > Received this email overnight:
    > "I really did not want to disturb you with this but I had no one else to turn to. I'm in barcelona, to see my cousin who lives here. He's critically ill and needs family support. ............. Any amount will be accepted with gratitude and paid back after the surgery.Please let me know how much you can loan to me and I will provide you with the details to get the money."
    >
    > It is of course a straight out scam, especially when the person concerned was in Wellington last night!
    >
    > The email came from [name changed] and I have a friend with same but email address . It is either a straight out coincidence or someone has hacked a computer and got a email address book containing both my and my friend's email addresses.
    >
    > The address seems to have been improperly obtained.
    >
    > What would be the best course of action? Is Microsoft likely to be interested in following this up?


    Just e-mail yer joe bloggs man and tell him to change his password -
    suggest he uses a better one in future! :)

    --
    Duncan.
     
    Dave Doe, Mar 4, 2012
    #9
  10. peterwn

    Dave Doe Guest

    In article <136b88d8-eb43-47b6-845e-d031927919e3
    @k29g2000yqc.googlegroups.com>, , peterwn says...
    >
    > On Mar 2, 9:38 am, peterwn <> wrote:
    > <snip>
    > Got to the bottom of it. My friend's hotmail account was hijacked. I
    > emailed to that account warning my friend, and got back a reply from the
    > fraudster wondering when i would send the money by Western Union. Poor
    > friend is rather red faced and been deluged with phone calls from mailing
    > list contacts who also had dud messages.


    Yep, quite common - a result of too many folk having very poor
    passwords. The hackers don't 'hi-jack' the account to the extent of
    changing the password (that would tip off the account holder) - and just
    happily use it to send out such malicious e-mails to the account
    holder's contacts.

    New password - fixed!

    As said, suggest they use a stronger password in future! :)

    --
    Duncan.
     
    Dave Doe, Mar 4, 2012
    #10