Another Patented Traffick.com "Call for Jail Time"
Today I received one of those PayPal "account problem scam" spams. It looks like it's really from PayPal because the "from line" is ostensibly from "service at paypal.com." You're then asked to click on a link which looks like it's really from PayPal.com. Of course, if you check the full header, the email is really coming from the domain "hugeupdateinfo.com" (not really, though, as this appears to have been spoofed), as I quickly found out:
Received: from 216.152.237.133 (EHLO mail2.interkey.net) (216.152.237.133) by mta246.mail.scd.yahoo.com with SMTP; Mon, 12 Apr 2004 23:35:30 -0700
Received: from hugeupdateinfo.com (mail.interkey.net [216.152.237.91]) by mail2.interkey.net (8.11.6/8.11.6) with ESMTP id i3D5jfL14237; Tue, 13 Apr 2004 01:45:41 -0400
Received: from Sender [24.0.78.62] by hugeupdateinfo.com with ESMTP (SMTPD32-8.05) id A9D786B40078; Tue, 13 Apr 2004 02:33:59 -0400
And the link is really not to a PayPal address. When you mouse over the anchor text (which is made to look like a URL), the real site you're taken to is "updateaccount.info." From there presumably someone is going to try to get your personal information. Not that I'd ever click on something like this!
That scam's been making the rounds lately, and no doubt catching a certain percentage of recipients who aren't savvy enough to investigate. Usually, the scammers don't leave a lot of tracks, making sure everything they do is overseas. In this case they're probably using an overseas hosting company, but the Whois info on updateaccount.info, registered no earlier than April 8 (that's a fresh scam indeed!), seems pretty detailed:
Domain ID:D5860897-LRMS
Domain Name:UPDATEACCOUNT.INFO
Created On:08-Apr-2004 17:21:59 UTC
Expiration Date:08-Apr-2005 17:21:59 UTC
Sponsoring Registrar:R161-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C4565310-LRMS
Registrant Name:Gennarina Pirrone
Registrant Street1:8205 14 Avenue
Registrant City:Brooklyn
Registrant State/Province:--
Registrant Postal Code:11228
Registrant Country:US
Registrant Phone:+718.2564321
Registrant Email:trcytllrn@aol.com
Admin ID:C2766260-LRMS
Admin Name:Hostmaster Funktionen
Admin Organization:B-One ApS
Admin Street1:Esromgade 15, opg 1, 4 sal
Admin City:Koebenhavn
Admin State/Province:--
Admin Postal Code:2200
Admin Country:DK
Admin Phone:+45.70205872
Admin Email:hostmaster@b-one.nu
Billing ID:C2766260-LRMS
Billing Name:Hostmaster Funktionen
Billing Organization:B-One ApS
Billing Street1:Esromgade 15, opg 1, 4 sal
Billing City:Koebenhavn
Billing State/Province:--
Billing Postal Code:2200
Billing Country:DK
Billing Phone:+45.70205872
Billing Email:hostmaster@b-one.nu
Tech ID:C2766260-LRMS
Tech Name:Hostmaster Funktionen
Tech Organization:B-One ApS
Tech Street1:Esromgade 15, opg 1, 4 sal
Tech City:Koebenhavn
Tech State/Province:--
Tech Postal Code:2200
Tech Country:DK
Tech Phone:+45.70205872
Tech Email:hostmaster@b-one.nu
Name Server:NS1.B-ONE.NU
Name Server:NS2.B-ONE.NU
It would be nice to think that somehow the domain registration system would allow us to track down perpetrators of fraud by looking at this info, but at the very least, the Brooklyn phone number given appears to be fake. It almost seems too easy, doesn't it? These people are collecting hundreds or thousands of credit card numbers and other aspects of people's personal identities with only a small chance of getting caught. At the very least, a hosting company that would allow spammers like this to send out large volumes of email needs to be looked at closely by their local authorities. By allowing it, by failing to put stricter controls over the sending of mass emails with obvious spam-filter-triggering content, aren't they really condoning the activity? Shouldn't they be held to account, too?
Posted by Andrew Goodman
| | Permalink
 |
 |
 |
The Traffick Search Engine Directory :: |
| » Internet Marketing » Internet Tools » Search Engines |
» Web Browsers » Web Portals » Webmaster Tools |
» About the Directory » Add URL » Traffick Report: Flock |
