
Suspicious Email (possible hacker/phishing attack)

25 Nov

Similar suspicious emails came through from unknown users (possible bots). The email contained one link and was sent to me and dozens of other addresses. The IPs in this email and others like it are IPs used by scammers sending out fraud mail, and the link is believed to be spoofed or a possible hacker/phishing attack. I haven’t clicked the link and I don’t advise you to. I posted it so it would show up in search engines in case others looked it up.

 
 
FROM: "Victor Garza" <garza-victor@sbcglobal.net>
To: jsissonsinvestments@gmx.com, harveyhcho@gmail.com, generalmeuse@gmail.com, minwater2009@hotmail.com, nilamerlita@yahoo.com, porkyexposed@yahoo.com, pers-pjz28-2625231933@craigslist.org, tognar33@yahoo.com, hanzdb@yahoo.com, tagee0@aol.com, ang7maulana@yahoo.com, revitalisasidiy@telkom.net, ini_bisnis_gw@yahoo.com, benny_irawan0581@yahoo.com, wawa0926@kimo.com, dejuntaxs@yahoo.com, Bharathsabari.Venkataraj@bh.yokogawa.com, modeling@knoxvillemodels.org, patty_aiken@juno.com, utuydjamhur@yahoo.co.id, freddy_saputera@yahoo.com, herzal@windowslive.com, sssxxxp11@gmail.com, selina671@yahoo.com.tw, chrisgladdenmusic@gmail.com, sy45689@hotmail.com, daffy_dee79@yahoo.co.id, star_maxing@yahoo.cn, hannien_sans@yahoo.com
 
 
 
HEADER:
 
 

The ORIGINATING IP ADDRESS OF THE ABOVE EMAIL IS KNOWN TO SEND OUT NIGERIAN 419 SCAMS WHICH MOST LIKELY INDICATES THAT THE ABOVE EMAIL IS SOME TYPE OF SPOOFED/HACKER/PHISHING-ATTACK

Example Messages Sent From 98.138.229.103
From: Spring Investment Limited <web.office_3474.32@veri
Subject: none/blank
From: “Frank Jimmy Loans Co.” <web.office.003-10@rogers.
Subject: none/blank
From: evelyn <janniferkiss@yahoo.com>
Subject: HELLO, 
From: Nadia Mbembe <nadiammbem@yahoo.co.th>
Subject: Hello dear 
From: Miss Nadia Kallon Mbembe <nadiammbem@yahoo.co.th>
Subject: Hello dear 
From: gift ukeh <giftukeh@yahoo.com>
Subject: Nice To Meet You, 
From: “222222222” <222222222>
Subject: 请查收 
From: Walid Kh <walidkh52@yahoo.com>
Subject: this has been your time to shine 
From: “Mrs. Sharon Crawford”<info203932@skymail.mn>
Subject: COMPENSATION ALERT, OPEN ATTACHMENT TO READ ALERT 
From: “Mrs. Sharon Crawford”<sharoncrwfrd1191@skymail.mn
Subject: Scam Victim Compensation Alert, View Attachment Fo
From: Florin <munguu_jin@yahoo.com>
Subject: =?iso-8859-1?Q=?= 
From: “MRS. VERA DAVISON” <mrs.veradavison@gmail.com>
Subject: NOTIFICATION!!! YOUR E-MAIL I. 
From: Re majer <web1.118@att.net>
Subject: HELLO FRIEND? 
From: PREMIUM FINANCIAL HOLDINGS LIMITED <web.offfice.45
Subject: Loan Offer 3% 
From: rejoybaby maj <web69.12345@att.net>
Subject: HI It’s My Pleasure 
From: weboffice 000xxxxofficef1 <web_officefile0990@att.
Subject: Fw: PLEASE YOUR URGENT ATTENTION IS NEEDED
From: “MR. SUNNY LUCAS” <sunluccas111222@rediffmail.com>
Subject: SOUTH AFRICAN NETWORK FOR WOMEN 
From: “MRS. SUSAN SHABANGU” <shabangu100@gmail.com>
Subject: KINDLY OPEN YOUR ATTACHED FILE AND GO THROUGH IT A 
From: “General Manager”<xxxxxx32@hushmail.com>
Subject: HELLO, (VERY URGENT PLEASE !!!) 
From: “travisgalica@yahoo.com” <travisgalica@yahoo.com>
Subject: FW: Did you see what Dr Oz said last week? 

client ip 98.139.212.191

Associated Mail Server – 98.139.212.191

Project Honey Pot

The email’s IP was also the source IP of a 419 scam attempt that an online user reported to scamwarners.

Delivered-To: [my.redacted.address]
Received: by 10.182.51.4 with SMTP id g4csp15278obo;
Thu, 22 Mar 2012 09:07:20 -0700 (PDT)
Received: by 10.224.58.205 with SMTP id i13mr11384387qah.97.1332432439777;
Thu, 22 Mar 2012 09:07:19 -0700 (PDT)
Return-Path: <0desirekoende4582@att.net>
Received: from nm23-vm0.bullet.mail.bf1.yahoo.com (nm23-vm0.bullet.mail.bf1.yahoo.com. [98.139.212.191])
by mx.google.com with SMTP id c2si2125271qcd.182.2012.03.22.09.07.19;
Thu, 22 Mar 2012 09:07:19 -0700 (PDT)
Received-SPF: neutral (google.com: 98.139.212.191 is neither permitted nor denied by best guess record for domain of 0desirekoende4582@att.net) client-ip=98.139.212.191;
Authentication-Results: mx.google.com; spf=neutral (google.com: 98.139.212.191 is neither permitted nor denied by best guess record for domain of 0desirekoende4582@att.net) smtp.mail=0desirekoende4582@att.net; dkim=pass header.i=@att.net
Received: from [98.139.212.148] by nm23.bullet.mail.bf1.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [68.142.200.224] by tm5.bullet.mail.bf1.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [66.94.237.118] by t5.bullet.mud.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [127.0.0.1] by omp1023.access.mail.mud.yahoo.com with NNFMP; 22 Mar 2012 16:07:18 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 987846.4887.bm@omp1023.access.mail.mud.yahoo.com
Received: (qmail 30955 invoked by uid 60001); 22 Mar 2012 16:07:18 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.net; s=s1024; t=1332432438; bh=qC9ja17T2XXp6aqesfDLGfKpznCUVeikD60t7/lfcNQ=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=y0wL2wF7Ou+MqEhEnoS2H+wWp2Qyut0bPleskdzEgWoAXVYYXWRuzHHupGsu1F4os93JLL6Dm4wBfwhq9Jj+6IMouzb7ghB9GBr4WH34IbJ40+Y0jt3Kvk7xPeKpTq/AgBIpqMVwyDdfHIIGLRNMa/Z//GwnW6XTQY3+R4odMRM
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=att.net;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=A9AAuHEVubbzaAjLCe1F2QXM6T4rNgWGc58ZdbiN0y0ONyi3avS69FCJvwGlbvNG+fDU4BbwaEKeZ/xoqRx6qi8T5eBVdElPReyIAcxs27GttTcw9pHIey+Jmi58T/Z8p/ALnnM5qk8/mCO7KB8I96Wr5mlgBNozCw71BP+59TI=;
Received: from [41.82.148.87] by web180910.mail.ne1.yahoo.com via HTTP; Thu, 22 Mar 2012 09:07:18 PDT
X-Mailer: YahooMailClassic/15.0.5 YahooMailWebService/0.8.117.340979
Message-ID: <1332432438.21116.YahooMailClassic@web180910.mail.ne1.yahoo.com>
Date: Thu, 22 Mar 2012 09:07:18 -0700 (PDT)
From: desire koenders <0desirekoende4582@att.net>
Reply-To: mr.desirekoenders@yahoo.com
Subject: From Mr. Koenders Desire
To: [redacted]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="897918875-1321714197-1332432438=:21116"

From Mr.Koenders Desire
Telephone: 00221771499501
I am Mr.Koenders Desire the only son of Late Mr. & Mrs.Désiré Dallo but am here with my sister. I select you to assist me. My father was a cocoa merchant in Abidjan the economic capital of Cote d’Ivoire He was poisoned to death by his friends . But before the death , he secretly called me by his bed side and told me that he has the sum of Four million two hundred thousand United States Dollars USD ($4.200,000) deposited in bank .So am currently living in senegal to get someone that will assist me. He used my name (Koenders Desire) as the next of Kin to deposit the money. He then strongly advised me to be careful especially with his friends and our relatives.the money is kept in the bank with the view of making use of it for investment purposes after my educational carrier.. For The urgly development in this country,I have now decided to take quick actions and have this money transferred out of this country before it is too late.I am honorably seeking your assistance in the following ways Please I need your assistance in this ways.

1. Can I completely trust you? 2. What percentage of the total amount in question will be good for you after the money is transfer to your country? 3.Can you help me to come over to your country and further my educational carrier?4.Can you asure me of the confidentiality of this transaction till when this money get to your Custody,this is to ensure that nothing jeopardizes my last wish on Earth.No matter what your decision may turn to be I humbly beg you to reply to me.
Thanks and God bless you
Best regards
Mr Koenders Desire
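
As an added example (not part of the original post), this Python code walks the Received chain of the header shown above, oldest hop first, and separates the relay that handed the message to Google from the address the Yahoo webmail host recorded "via HTTP"; it also flags the From/Reply-To mismatch. The sample is an abridged copy of that header with line folding restored, and the function names are illustrative.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address

# Abridged copy of the header shown above, line folding restored.
RAW = """\
Return-Path: <0desirekoende4582@att.net>
Received: from nm23-vm0.bullet.mail.bf1.yahoo.com (nm23-vm0.bullet.mail.bf1.yahoo.com. [98.139.212.191])
 by mx.google.com with SMTP id c2si2125271qcd.182.2012.03.22.09.07.19;
 Thu, 22 Mar 2012 09:07:19 -0700 (PDT)
Received: from [98.139.212.148] by nm23.bullet.mail.bf1.yahoo.com with NNFMP; 22 Mar 2012 16:07:19 -0000
Received: from [127.0.0.1] by omp1023.access.mail.mud.yahoo.com with NNFMP; 22 Mar 2012 16:07:18 -0000
Received: from [41.82.148.87] by web180910.mail.ne1.yahoo.com via HTTP; Thu, 22 Mar 2012 09:07:18 PDT
From: desire koenders <0desirekoende4582@att.net>
Reply-To: mr.desirekoenders@yahoo.com
Subject: From Mr. Koenders Desire

"""
MSG = message_from_string(RAW)

# "from ... [ip] ... by host with|via PROTO" as written in each Received line.
HOP = re.compile(r"from\s.*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*?\bby\s+(?P<by>\S+)"
                 r"\s+(?:with|via)\s+(?P<proto>\w+)", re.S)

def hops(msg):
    """Received hops oldest-first as (peer_ip, recording_host, protocol)."""
    found = (HOP.search(v) for v in reversed(msg.get_all("Received", [])))
    return [(m["ip"], m["by"], m["proto"]) for m in found if m]

def submitter(msg):
    """Earliest hop whose peer address is publicly routable, or None."""
    for ip, by, proto in hops(msg):
        try:
            if ip_address(ip).is_global:
                return ip, by, proto
        except ValueError:  # bracketed text that is not an IP address
            continue
    return None

def reply_to_differs(msg):
    """True when replies go to a different mailbox than the From address."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return bool(reply) and reply != sender

if __name__ == "__main__":
    print("handed to Google by:", hops(MSG)[-1])
    print("earliest public hop:", submitter(MSG))
    print("Reply-To differs from From:", reply_to_differs(MSG))
```

Only the Received lines written by servers you trust are reliable; anything below them is supplied by the sender and can be forged, so treat the earliest address as a lead to verify.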

 

Posted by on 11/25/2012 in Other

 
