Scam/Spoof/Fraud
2006 September 27 created

WARNING, WARNING, WARNING, WARNING, WARNING !!!

The following link shows an email scam/spoof/fraud that PRoComputing received on Friday, 2006 September 22.
Be careful ==> This scam email was intended to get PRoComputing to follow the embedded link
and disclose important financial information.
BUT DO NOT FOLLOW THE embedded LINK.
After you have finished JUST LOOKING, return to this page with your browser's BACK button.

Please-Restore-Your-Account-Access.htm

The hidden email header contains:

X-Account-Key: account2
X-UIDL: 1gqNWb6qc3Nl36s0
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Status: U
Return-Path: <root@ibixgw.ibix.co.jp>
Received: from ibixgw.ibix.co.jp ([219.166.32.67])
    by mx-canard.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1gqNW96qc3Nl36s0
    for <procomputing@earthlink.net>; Fri, 22 Sep 2006 12:31:37 -0400 (EDT)
Received: from ibixgw.ibix.co.jp (mail [127.0.0.1])
    by ibixgw.ibix.co.jp (8.12.8/8.12.8) with ESMTP id k8MGpFLw011811
    for <procomputing@earthlink.net>; Sat, 23 Sep 2006 01:51:15 +0900
Received: (from root@localhost)
    by ibixgw.ibix.co.jp (8.12.8/8.12.8/Submit) id k8MGpFWp011809
    for procomputing@earthlink.net; Sat, 23 Sep 2006 01:51:15 +0900
Date: Sat, 23 Sep 2006 01:51:15 +0900
To: procomputing@earthlink.net
Subject: Please Restore Your Account Access
Message-ID: <1158943875.14900.qmail@paypal.com>
From: "service.com" <service@paypal.com>
Content-Type: text/html
X-ELNK-Info: spv=0;
X-ELNK-AV: 0
X-ELNK-Info: sbv=0; sbrc=.0; sbf=00; sbw=000;
X-Antivirus: AVG for E-mail 7.1.407 [268.12.8/455]

This even looks like it originated from paypal.com, with a stolen PayPal image and

“From: "service.com" <service@paypal.com>”

But wait: “Received: from ibixgw.ibix.co.jp ([219.166.32.67])”

And if you were to click on the original “http://www.paypal.com/us/cgi-bin/webscr?cmd=_contact-general”

you would have been taken to ==> http://cambermail.com/uniline/.ws1/include/webscrcmd.php

NOT PayPal !!!
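
The two checks made by eye above (the From domain against the first relay, and the link text against the link target) can be automated. The following Python is an added example, not part of the original page; the headers are the ones quoted above, and the <a> markup in the body is an assumption built from the two URLs quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Headers are from this page; the <a> markup is constructed from the two URLs it quotes.
RAW = """\
Received: from ibixgw.ibix.co.jp ([219.166.32.67])
    by mx-canard.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1gqNW96qc3Nl36s0
    for <procomputing@earthlink.net>; Fri, 22 Sep 2006 12:31:37 -0400 (EDT)
From: "service.com" <service@paypal.com>

<a href="http://cambermail.com/uniline/.ws1/include/webscrcmd.php">http://www.paypal.com/us/cgi-bin/webscr?cmd=_contact-general</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(raw):
    msg = message_from_string(raw)
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    findings = []
    # Topmost Received line was added by the recipient's own server; the
    # bracketed IP is the peer it saw, the host name may be self-declared.
    m = re.match(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)", msg.get_all("Received", [""])[0])
    if m and not (m[1].lower() == claimed or m[1].lower().endswith("." + claimed)):
        findings.append(("relay", claimed, f"{m[1]} [{m[2]}]"))
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        shown = urlparse(text).hostname if text.lower().startswith("http") else None
        actual = urlparse(href).hostname
        if shown and actual and shown != actual:
            findings.append(("link", shown, actual))
    return findings
```

A relay that does not match the From domain is only a warning sign, because legitimate senders also use third-party mail services; a link whose visible URL names one host while its target names another is the stronger indicator.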

Let's use http://centralops.net/co/DomainDossier.aspx

and some of what we get using “ibix.co.jp” is:

role: Japan Network Information Center
address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address: Chiyoda-ku, Tokyo 101-0047, Japan
country: JP
phone: +81-3-5297-2311
fax-no: +81-3-5297-2312
e-mail: hostmaster@nic.ad.jp
admin-c: JI13-AP
tech-c: JE53-AP
nic-hdl: JNIC1-AP
mnt-by: MAINT-JPNIC
changed: hm-changed@apnic.net 20041222
changed: hm-changed@apnic.net 20050324
changed: ip-apnic@nic.ad.jp 20051027
source: APNIC

inetnum: 219.166.32.64 - 219.166.32.71
netname: IBIX
descr: IBIX Corporation
country: JP

Golly, gosh... That sure does not look like a PayPal web site.

And the “cambermail.com” looks like an email service in England:

Domain Name: CAMBERMAIL.COM
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: NS0.WESTHOST.CO.UK
Name Server: NS1.WESTHOST.CO.UK
Status: ACTIVE

Here are a couple of interesting sites dedicated to exposing scams & spoofs ==>

http://scam.com/

http://www.snopes.com/

So, be careful what you read and where you go.

And check snopes.com (use the “Search” box at the bottom of the Snopes web page) before you forward an email that could be a hoax and might send your readers off changing their PCs to a state that cannot be easily undone.