CA Security Advisor Research Blog

Find out what our research team is saying about the latest security threats in the CA Security Advisor blog

Operation GreenDot, Following the SPAM

Do you ever wonder what is at the other end of the SPAM email that you receive in your inbox? You often see emails advertising cheap software, hot stock tips, and various pharmaceuticals. I think that we have all gotten the v1gra and Cialis emails. One day I decided I would investigate and see just where this little message would take me. So, if you are ready for an adventure, follow me on a virtual trip that will take you all the way around the world. Don’t forget your passport; you will need it.

 

Our journey begins outside of Washington, DC. I am sitting at my desk, going through my SPAM-filtered email, when I see one that catches my eye: “Dreams can cost less repl1ca w4tches from r0lex here”. Sounds interesting, I thought, and I could use a new watch. Knowing the harmful effects of opening unsolicited email, I decided to open the email in a controlled, virtualized environment. Below is the content of the email:

 

A T4g Heuer w4tch is a luxury statement on its own. Unfortunately, that luxury comes with a price... Except when you visit Prest1ge Repl1cas, the web's most comprehensive collection of brand name repl1ca w4tches. In Prest1ge Repl1cas, any T4g Heuer is available for just over $200. htxp://www.lagetyo.com

 

I also opened several other emails with similar subject lines. Each email had the same message but contained a different website to visit. From the sampling of emails I found nine different URLs. As you can see from the list of URLs, the names seem to be randomly generated:

 

  • www.sueyhhb.com
  • www.sueywhhn.com
  • www.aueiwmm.com
  • www.syewthhw.com
  • www.soiekkj.com
  • www.suewywtt.com
  • www.ytrueujj.com
  • www.slejenbb.com
  • www.aeiwkee.com

 

According to Whois.net these websites are still listed as active; however, they no longer resolve. All are registered in NanChang, China, and all but 3 are registered to a Liu Tao who, according to Wikipedia, happens to be a famous Chinese actress. I am sure there is no relation.

 

Going back to the original email I received, I decided to look at who the email was from and who it was actually sent to. According to the spam filter's email headers, the email was sent from “cherylc@hisplacechurch.com”. I did a quick search on the domain, “hisplacechurch.com”. This led me to a small church in Burlington, Washington. That is Washington state, not Washington, DC. So I perused the site and found the church staff link, where I found Cheryl Neff, the Sr. Pastor’s Assistant. Sure enough, her email was the same. While you might think that Cheryl Neff’s computer is the origin of the email selling prestigious watches, it is actually not. Unfortunately for us, and you the reader, we will never know where the actual email came from. We can be pretty sure that Cheryl’s computer had some kind of malware on it that contained a mail engine that sent out hundreds or even thousands of emails all around the world promoting these luxurious watches. Unfortunately Cheryl is not alone in this. I received the same email message from many other unsuspecting senders, ranging from various home users to Fortune 500 companies. I have also seen the same email content blindly posted on numerous blogs. Hopefully for Cheryl and the His Place Church, they got their computer systems cleaned up.

 

So, let’s get back to the email, because I still need a new watch. The first thing I did was start a packet sniffer on my local network to see if the web site was downloading any unwanted software (malware) to my system, or if the site was sending any of my personal information to some third-party destination. With my packet sniffer running, I opened up a web browser, entered the www.lagetyo.com website, and off I went. It was a very nice site. There were lots of nice-looking watches, bracelets, and earrings for sale. There was a shopping cart built into the site, a privacy policy, a testimonial section (which I can’t wait to read later), and a Contact Us link.

 

 

I viewed the source code of the site to see if there were any behind-the-scenes deceptions, such as malicious iframes. The site looked pretty clean.

 

I decided to read their privacy policy and see what they had to say. One thing that caught my eye was the mention of SSL (Secure Sockets Layer), which is good because it sends important information over the Internet in an encrypted state, and when you are sending your credit card across the Internet, you want it safe from prying eyes.

 

Next I decided to read the “About Us” link on their site. The owners claim that they have been the leading online retailer of quality luxury timepieces since 2003. Oddly enough, every one of the aforementioned websites was only in operation for one or two weeks. As a matter of fact, from the start of this investigation the http://www.lagetyo.com/ website was no longer up and operational. Since my work was not done and I still needed a watch, I went to another one of the websites that was still active. I picked www.aeiwkee.com. Just like the previous site, it was up for a few days, then down just long enough to change its IP address from 218.53.147.152 to 116.199.128.6. I found that the two IP addresses belong to different companies: Hananet in Korea and newpower-cn in China. If you enter http://218.53.147.152 in a web browser, you get the message “site not found on our server!” This is a common practice for these types of operations.

 

Now that I have a site that is up, I think that it’s time to make a purchase. Regardless of their four-year track record of being the #1 online retailer, and Sara Berry’s raving testimonial, I was still leery about using my credit card to make a purchase. Following my gut, I decided to go undercover to make the purchase. I made a trip to my local CVS store and purchased a GreenDot Visa debit card. I put $100.00 on the card and proceeded back to the office. As a safety precaution, I decided not to use my real name and address when registering the card. So I took on an alias, Alain Tibberman. I needed to find something that cost under $100.00. I was not able to find a watch for under that price. Knowing that I could always buy my wife a gift, I decided to look at their selection of earrings. I found a nice pair for only $52.00 (plus $29.00 for shipping and handling). First, I made sure that my trusty packet sniffer was running so I could see everything that was going on behind the scenes. I input all of my personal information - name, address, credit card number, etc. I was really curious where my credit card information was going to be sent. After the transaction was complete, I started going through the packet sniffer logs. Remember earlier when I said that I was happy to see that the web site's shopping cart was using SSL to encrypt the traffic? As you can see from the image below, there is my credit card number and CVV number in plain text. My name, address and email address were also sent in clear text. Good thing Alain Tibberman was a fictitious name.
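The finding above, a checkout form posting the card number and CVV in the clear despite the privacy policy's SSL promise, is something a sniffer log can be screened for automatically. The Python below is an added example, not code from the original post; it runs over constructed request captures (a hypothetical host and the public Visa test number, not a real account) and flags card-bearing form bodies that were sent over plain HTTP.

```python
"""Screen captured HTTP form posts for payment-card data sent without TLS.

Added example, not from the original post. The captures below are
constructed: the host is hypothetical and the card number is the public
Visa test number 4111 1111 1111 1111, not a real account.
"""
import re
from urllib.parse import parse_qs

# Each capture is what a sniffer would reconstruct for one request:
# the scheme the browser used, the host, the path and the POST body.
CAPTURES = [
    {   # checkout form: card + CVV over plain HTTP (the article's finding)
        "scheme": "http", "host": "shop.example.invalid",
        "path": "/checkout.php",
        "body": ("name=Alain+Tibberman&address=1+Main+St&cc=4111111111111111"
                 "&cvv=123&exp=12%2F09&email=alain%40example.invalid"),
    },
    {   # same form over HTTPS: card present but protected in transit
        "scheme": "https", "host": "shop.example.invalid",
        "path": "/checkout.php",
        "body": "name=Alain+Tibberman&cc=4111111111111111&cvv=123",
    },
    {   # order lookup: 16 digits that fail Luhn, must not be flagged
        "scheme": "http", "host": "shop.example.invalid",
        "path": "/track.php",
        "body": "q=earrings&order=1234567890123456",
    },
]

CVV_FIELDS = {"cvv", "cvv2", "cvc", "cid", "securitycode", "security_code"}


def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by card PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(body):
    """Return [(field, pan)] for form values that look like card numbers:
    13 to 19 digits after stripping spaces and dashes, and Luhn-valid."""
    hits = []
    for field, values in parse_qs(body).items():
        for value in values:
            digits = re.sub(r"[ -]", "", value)
            if re.fullmatch(r"\d{13,19}", digits) and luhn_ok(digits):
                hits.append((field, digits))
    return hits


def has_cvv(body):
    """True if a CVV-named field carries a 3 or 4 digit value."""
    for field, values in parse_qs(body).items():
        if field.lower() in CVV_FIELDS:
            if any(re.fullmatch(r"\d{3,4}", v) for v in values):
                return True
    return False


def mask(pan):
    """Keep the BIN and last four so the report itself does not leak the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def audit(captures):
    """One finding per request that sent a PAN over something other than HTTPS."""
    findings = []
    for cap in captures:
        pans = find_pans(cap["body"])
        if pans and cap["scheme"] != "https":
            findings.append({
                "url": f'{cap["scheme"]}://{cap["host"]}{cap["path"]}',
                "fields": [f for f, _ in pans],
                "masked": [mask(p) for _, p in pans],
                "cvv_in_clear": has_cvv(cap["body"]),
            })
    return findings


if __name__ == "__main__":
    for f in audit(CAPTURES):
        print(f"{f['url']}: card {', '.join(f['masked'])} in field(s) "
              f"{', '.join(f['fields'])}; CVV in clear: {f['cvv_in_clear']}")
```

The Luhn check keeps ordinary 16-digit values such as order numbers from being reported, and the report masks the PAN so the audit log does not become a second leak.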

 

The order has been placed. I hope that I get my earrings and I hope that my card information has not been intercepted along the way. I am pretty sure that the end site is storing all user information in an encrypted database, so it should be safe from hackers there.

 

I checked my newly created email account to see if I have received anything from the vendor. Sure enough, I have received a confirmation thanking me for my purchase and informing me that my order has been successfully processed, also providing an order number. It even provided me with an email address to contact if I need help.

 

Hmmm, very interesting. I went to the domain from the support email, top-esupport.com, and the domain no longer resolves. Through the Whois database, the top-esupport.com site is registered to a group called CSMJBS Enterprise, located in Las Vegas, NV. So I decided to conduct a Google search on CSMJBS Enterprise to see what I could find. The first site returned in my search was a Fake Sites Database, with a WARNING: “Please be aware that the fake banks, lotteries and companies on the list are used by dangerous criminals. We don’t encourage anyone to engage in any form of communication with them. If you chose to communicate them for whatever reason, you will be doing so at your own risk”. I decided to do a little poking around. I called the City of North Las Vegas and inquired about CSMJBS Enterprise. First of all, the address that was listed in the Whois database was false. The company went into default in April of 2007. Jeremy Stamper, the head of the company, resides in Seattle, Washington, and has recently been accused by the Department of Financial Institutions Securities Division of running several fraudulent financial websites that have tricked numerous people into sending in money. Over $2 million has been seized by Las Vegas police.

 

So let’s get back to my earrings. I was pretty sure that the vendor was going to charge my card, so I logged into my GreenDot online account to see what transactions had occurred. Sure enough, there was a charge for $77.00 for the earrings, with the vendor name ElegantReplica.com and a phone number. Ah, another lead. Well, conducting a search on ElegantReplicate.com led me nowhere. I found a few dead links, but mostly sites complaining about the domain being part of a spam operation. So then I searched on the phone number. That lead was a little more promising. Of the 5 search results returned, two led to websites that resembled www.aeiwkee.com, where I purchased the earrings. The other three results led to web sites that no longer resolved. No surprise there. I did find out that the number is registered to a group called TwoBucks Trading Ltd., located in Nicosia, Cyprus.

 

So on our virtual tour we started off in Washington state, with the poor church lady; then went to Herndon, Virginia, where a nosy researcher started investigating; then to NanChang, China, where the websites were registered. From there it was a short hop to Shenzhen, China, and Seoul, Korea, where the two IP addresses were registered; back to the United States, where a suspicious shell company in Las Vegas, Nevada, was listed as the registrant of the support email domain; back up to Seattle, Washington, and Jeremy Stamper’s shell companies; and finally to Nicosia, Cyprus, where my money was ultimately collected. That took you across America and got you 3 different stamps in your passport.

 

I was still wondering if I was going to get my earrings. So I called the phone number in Cyprus, and after calling 5-6 different times I finally got a live person on the other end of the phone who was able to provide me with a tracking number. I plugged my tracking number into the shipper’s website and obtained the following transaction log.

 

Foreign Acceptance, August 22, 2007, 7:35 pm, CHINA PEOPLES REP
Foreign International Dispatch, August 23, 2007, 4:09 pm, BEIJING., CHINA PEOPLES REP
Foreign Acceptance, August 22, 2007, 7:35 pm, CHINA PEOPLES REP
Inbound International Arrival, August 25, 2007, 9:58 pm, KENNEDY AMC
In route, August 26, 2007, 9:21 am, MERRIFIELD, VA 22081
Arrival at Unit, August 26, 2007, 12:52 pm, RESTON, VA 20190
Notice Left, August 26, 2007, 2:19 pm, HERNDON, VA 20171

 

Unfortunately I never got the shipment. I called the post office and they were not able to locate the package. I guess my post office could have lost it.

 

As I was wrapping up this article I wanted to go back to the www.aeiwkee.com website to see if it was still up and operational, and poof, just like that, the site is gone. This is the method of operation for these businesses. They register many different websites, and each site is only up for a certain amount of time, just long enough to get some business before the Internet SPAM groups and other vigilante groups use the Internet as a public forum and expose the sites. It very well could be that these sites are just recycled and will be selling something else in a few months.

 

At the end of the day, the thing to remember most about this story is that there are a lot of shady corners on the Internet. If you are about to use your credit card to purchase something online, double-check to make sure that it is your intended website. There are a lot of replica sites used to fool people. Also ensure that your personal information is really being sent over the Internet by SSL. Both Internet Explorer and Firefox will present a little padlock indicating that the connection between the client browser and the server is encrypted. And last of all, do not believe everything you read or get in an email, even if it is from a nice church lady.


Comments

Rob said:

good article, that site is up and running again

www.aeiwkee.com/model.php

i thought i would say something

Rob,

Thank you for your interest and following up.  I have received many other similar comments on the site.  As I saw from before they seemed to go up and down just long enough to stay under the radar.

 Sincerely,

Mark

October 29, 2007 12:35 AM

boredtodeath said:

ZZZZZZZZzzzzzzzzzzzz you could have saved yourself & readers some time & posted a blank page. What a bunch of NOTHING!

October 29, 2007 4:03 AM

Keith In VA said:

Hey, that was a pretty good read. I'm surprised that after all the shady ways the spammers sent their emails, it looked like they actually sent a product. I would have thought your money would have been taken and you would never hear from them again. Too bad the earrings never arrived, it would have been quite interesting to see what spam goods look like.

October 29, 2007 4:07 AM

johnson said:

maybe they were doing site maintenance, because as of 0410am EST 29OCT07, the www.aeiwkee.com website is still up.  i just tried it.

 

Johnson,

Thanks for taking the time to read and comment.  Yes the site does go up and down.  I checked for about two weeks after writing the article, prior to the posting, and it was down the whole time.  I guess it could be a number of things.

Sincerely,
Mark

October 29, 2007 4:08 AM

P. said:

wow... thanks for the information. i was a target of a room renter scam .... good thing i had a hunch when i got the check and asked the bank to verify it before cashing it...

cuz they sent MORE than 4 times the amount i asked for to secure their first deposit...

i didn't get charged by my bank cuz i asked them to verify if it was fake first... and i only lost 2 days of pay waiting at home for the package... with the fake check -_-

 

P.

Thanks for the comments.  I have yet to hear about a room renter scam, but now I guess I can say that I have heard them all.

Thanks,

Mark

October 29, 2007 4:10 AM

GreenDotVictim said:

GreenDot is made up of worse criminals than these spammers.

October 29, 2007 4:14 AM

Amanda said:

Wow, I've never done this, but it's good to know the real truth behind them.

October 29, 2007 4:15 AM

Zahn Ismail said:

Dear Mr. Wade,

Very useful information. Thank you.

October 29, 2007 4:19 AM

enigma said:

well, aeiwkee.com is up with 82.44.180.220 right now.

and my question is why didn't you claim it from the post office (cz it was on recorded delivery)?

Enigma,

Thank you for reading the blog and posting a comment.  Yes I see that the site is back up.  Apparently they have gone up and down.  For two weeks after I wrote the article, prior to its being posted, I continuously checked the site and it was down.  As for your comment on the post office, I actually did drive down there and try to claim it.  They were unable to find it, or have any record of where it might be.

Thanks,
Mark

October 29, 2007 4:19 AM

Pat Williams said:

Thank you for taking the time to print this story.  The internet is a great help, but we do need constant reminders of the dangers.  I had a bad experience a few years ago where someone was able to block a port on my computer and when I shut it down, they were able to use my computer to make international phone calls.  This came to light when my phone bill arrived.  It was the phone company that told me about the blocked port.  The phone company also said this is not uncommon.  Again thank you.

 

Pat,

Thanks for reading the blog and commenting on it.  Yes, anytime someone can find a way to make money they will exploit it any way they can.  Right now that vector is the Internet.  We all must be very careful about how we conduct our personal business online and interact in general.  Thanks again for the comments.

Sincerely,

Mark

October 29, 2007 4:20 AM

tssadler said:

great info!!!

October 29, 2007 4:24 AM

Ash Ketchum said:

LOL! I just got such an email just now. I have received many of these emails in the past. And it's obvious that these are scams. And I think many people figure it out as soon as they see the name of the site and the URL.

Have a look at their "Contact Us" page's source. There's a piece of javascript code and there's a variable called "RemoveWords". And it contains words like "stop sending|unsubscribe|take me off|delete me|stop email|opt out|spam|no more". LOL! Have a look.

October 29, 2007 4:27 AM

Greta Corens said:

Dear Mr. Wade,

Thank you for a well written article and for researching these lurking monsters, for all your knowledge and clarifying it for us.

Could you also investigate a company called: cloncom where I bought telephone cards and paid for them through paypal. When I want to access the company a screen on my computer warns me not to pursue this address for a reason I forgot.

Is this a legitimate site that has been diverted to a scam site? And what should I do to prevent penetration into my computer besides anti virus and spyware protection?

Thank you

Greta Corens

October 29, 2007 4:29 AM

peggy said:

Great Info ! Although I have never had the urge to purchase from  I didn't know or go to, it's fascinating how easy it would be for someone to 'take' my money..... although in reality I guess I would be the one 'giving' it away.   THANKS for the information !

October 29, 2007 4:29 AM

Linda R said:

I don't think most people know how to check and do all that checking. Maybe software to do it all for them would be a big seller.  Also, couldn't they put a fake lock picture on it just the same?

October 29, 2007 4:30 AM

Craig J. said:

Excellent article.  Someone needed to do this and you did.  I always wondered about those ads (as well as the late night TV ones too).  Most interesting.

I do not know if you plan to do a follow up article, but I would be quite interested to know if the earrings really got to the USA and were lost by the US Postal Service.  All of the BS in the foreign countries I can understand, but if the earrings really did get sent by the Seller and someone at the USPS lost (most likely stole) your earrings, that would be a terrible indictment of where the USA is heading and not to be taken lightly.  When we cannot even trust the USPS, that is a very sad day indeed.

October 29, 2007 4:30 AM

Yusuke said:

good thing as I was never tempted to place a single click over those links... I always mark them as spam

October 29, 2007 4:31 AM

Ada said:

I never have been in such situation, but thanks for your article - it makes people think twice before purchasing from such 'companies'... And congratulations on your investigation, perfectly done! Kind Regards, Ada.

October 29, 2007 4:32 AM

Justin said:

www.aeiwkee.com is unfortunately still up. So......eh.......i hate spammers

October 29, 2007 4:32 AM

peggy said:

Great Info ! I had suspected as much but didn't know how to figure it out. I like my money way too much to let a stranger 'take' my money..... but  in reality I guess I would be the one 'giving' it away if I ever clicked on the unsolicited email and their links.   THANKS for the information !

October 29, 2007 4:33 AM

Robert J. Wolfe said:

does this also apply to posters or print?

October 29, 2007 4:37 AM

Eric said:

Quite fascinating!  Good research.  Thanks for shedding light on this internet mystery.

October 29, 2007 4:39 AM

Geoff said:

Very nicely done. This should be done more often by internet groups just to keep tabs on these companies. A very interesting read, Thank You...

October 29, 2007 4:41 AM

Robert said:

Looks like the website is up again.  What shipper was used?

Robert,

Yes the site seems to go up and down.  At one point it was down for over two weeks.  I think that is a method used to stay off the radar screen.  If ISPs or others in the community who track these scams see the site is down they might not pay attention to it.  USPS was used.

Thanks,

Mark

October 29, 2007 4:43 AM

Huey Rodgers said:

Hi Mark,

Thank you very much for this in-depth article. I have been trying to understand the complexity and the possibility of my personal details being used whilst I purchased products on the internet. Sites like yours, and the advice that you put online for computer illiterates like me, are very helpful.

I look forward to other articles from you.

HUEY RODGERS.

Huey,

Thank you for taking the time to not only read the article, but to also post a comment.  There can be many dangers when sending your personal information over the Internet.  You never even know what malicious code might be installed on your system collecting your personal data.  It is very important that you have the proper security safeguards on your system and keep them updated.

Thanks,

Mark 

October 29, 2007 4:45 AM

jjoensuu said:

Interesting!

I wonder if the crooks ever tried to max out the credit card, since it was for a $100 and only $77 was initially used...

 

JJoensuu,

Interesting you mention that because that was the purpose of writing the article.  I was actually expecting to see other attempts on the card.  I kept looking to see if there were transactions pending and there were none. 

Thanks,

Mark

October 29, 2007 4:48 AM

Alan Yates said:

A most interesting story. As a fitting epilogue, you might've followed through on how the Postal Service's lost your earrings. From the tracking information you provided, the last entry, "NOTICE LEFT," meant that a Postal Carrier attempted to deliver your earrings, but you weren't home. The Postal Carrier would then scan your package and input "NOTICE LEFT" and then leave you a completed Form 3849, which is the "Pink Slip" you would bring to the Post Office to retrieve your package.

But the Postal Service, also a somewhat shady operation, somehow inexcusably lost your package. Too bad, for now you'd never know whether you were sent earrings or some brass tacks. Still, how did you resolve your lost package with the Postal Service? I hope you didn't let them off the hook. Did you report your loss to their website, usps.com?

Anyhow, I guess the bottom line, or moral of your story is, "don't buy anything from a spammer." I'm glad to say that I never buy from spammers and never will. As you know, spammers might send the same spam to millions of people, but they need only a small fraction, even <1 percent, of these people to respond and make a profit and thus feel encouraged to continue sending spam. So you can understand why I think anyone who buys from spammers should be stretched out and quartered.

Alan,

Thanks for the interesting comments. I did drive down to the post office and try to retrieve the package. They were unable to find it, or any record of it.

Thanks,

Mark

October 29, 2007 4:49 AM

Beamer said:

It just shows what a different age we live in now, and how all those books out of the 1970's that show armed robbers cooling it off down to a plastic card armed robbery, is not exactly as romantic a notion as what it first sounded 40 years ago in the criminals of the future technology books - but would look very hilarious back then with hells angel thugs robbing an autoteller &  pulling it off with oversized glasses, wigs and business suits in the days of knives, clubs , guns & hostages dragged by the tilted back head into vans.

But yes the prediction of this type of offence was dead right, but people in the future like you and me don't exactly hold it as a petty & trifle age of it.

 

Beamer,

Thank you for the comments.  Yes it is interesting how the times, and the types of money making schemes, have changed over time.  It will be interesting to see how the landscape changes in the next 20 to 30 years.

Sincerely,

Mark

October 29, 2007 4:49 AM

Marcus said:

Judging from the comments I read, the lead into the story "misled" most people who did not click the button on the bottom for the full story. The lead story could have been a lot clearer in the fact that it was a scam start to finish. If a reader only read the lead intro, I could see how they were confused, but reading the whole story made a lot of sense.

October 29, 2007 4:58 AM

cob said:

you're the man!

October 29, 2007 5:02 AM

Enrique said:

Very interesting article.

October 29, 2007 5:03 AM

John said:

Hey Mark, thanks for the great research. My wife is an internet shopaholic and she is the typical, "It won't happen to me" kind of girl... We read this together and her response was HOLY CRAP!!! I better just start going to the store!

John,

Thank you for taking the time to read and comment on the blog.  As long as you take the necessary precautions while shopping online you should be okay.  Things to keep in mind are to make sure your Anti-Virus and Anti-Spyware products are up to date; make sure that the site you are purchasing from is a legitimate site and not a fake look alike; never click on a link to take you to a site, but manually type it in, and make sure that the site is using SSL (check the browser pad lock as mentioned in the article).  While there are other safety precautions that can be made I think these are some important ones.

Sincerely,

Mark

 
October 29, 2007 5:03 AM

George Rounds said:

I read through this because I find it amusing to say the least that people fall into these traps so easily. With all these investigations though, I think it would be possible to take down these records by attacking their sources, and making sure that EVERY web shop be registered properly with a form of E-commerce system, where people can look them up and make sure they are legit.

October 29, 2007 5:05 AM

Robintel said:

I guess that spam still exists because people "buy" stuff from such messages.

October 29, 2007 5:07 AM

truman said:

good!!!!  it's about time we educate ourselves on those who insist on plaguing us with these crimes.

October 29, 2007 5:07 AM

Katrina Kee said:

I have read your article and found it to be very interesting. Could you tell me some more about Malware and how to check your computer to see if you have it and how to get rid of those programs? My husband, on advice of his boss, visited a website concerning concert tickets (not to buy, but just looking around) for a heavy metal band from the 70's. Later that evening, I went online and discovered the home page was changed, and triple X-plus material plastered all over my computer screen, as well as dozens of triple X-plus junk literally "dumped" into my "Favorites" section. I thought I would throw up from all of the filth. No matter how much we deleted and tried to block, the garbage kept coming back at us. We knew that some site had placed a "cookie" onto the system, but couldn't locate them all. Finally, my husband made the system "crash" and reformatted the hard drive on our computer. All I could think of was thank goodness our two children didn't get onto the computer to play any of their favorite games and see this! We thought we had a good spyware system and we NEVER go to any of those types of sites. Believe me! I told my husband to not EVER take his boss's advice on web sites again! And he NEVER has since then. By the way, when his boss found out what happened, he thought it was quite funny.....

 Katrina,

Thank you for taking the time to write such an interesting comment.  There are many different ways that Malware can make it onto your system.  You could click on an attachment that is or contains Malware in it.  You can be enticed to visit a malicious website by receiving a link in an email or instant message.  Just by having a browser that is not up to date on its patches can download malicious code to your system.  To ensure that you are keeping your computer free from harm it is best to keep your Anti-Virus and Anti-Spyware programs up to date and constantly run scans.  I would also ensure that your operating system and other installed applications are up to date with patches.  A lot of this can be automated.  Last, beware of social engineering.  This can come in the form of spam, instant messaging etc.  Someone is trying to get you to go to a site or open an attachment for a specific reason.  Ask yourself why?

Thanks,
Mark

 

October 29, 2007 5:09 AM

eg said:

interesting indeed

October 29, 2007 5:12 AM

mohamad s.abbas said:

Last January, I bought an Austin-Healey 3000 for $5250 from what I thought was ebay. After sending off the money, I heard nothing from ebay or the seller, who was located in Hilo Beach, Hawaii. Finally, ebay told me that the site was fraudulent, and to contact law-enforcement agencies. Despite forwarding all relevant emails to the Public Prosecutor and the local office of the FBI, I have yet to get my money back. Needless to say, I did not receive the car either.

Mohamad,

Sorry to hear about your unfortunate online shopping experience.  It is unfortunate that there are always people out there trying to take advantage of others.  With the boom of the Internet and the flattening of the world due to the Internet, a lot of the crime can come from countries other than the US, some of which make it harder to extradite people.

Thanks,
Mark

 

October 29, 2007 5:13 AM

Aleaha said:

Ha ha, I don't think I ever fell for the spam stuff in my box, I always thought it was like the junk mail that comes through the post.  But then again maybe my generation has been forewarned about sleazeballs online.  If I'm going to shop online I usually stick to a business that I can find in my town.  At least then you know it's real.  I've never ordered something online that didn't show up at my door, so I think I'm doing ok.

October 29, 2007 5:18 AM

Alaine Tibberman said:

Like the merchandise ordered from the spammer: the goods promised in the header were NOT delivered in the text. Not generalizable to what happens in general.

October 29, 2007 5:19 AM

Sylvanus said:

Hi,

You really took some pains here but it is worth it as many will certainly beware of the "internet rats" that are all over the place. I am new on the internet. I used to think that once those things we usually look out for on the screen to make sure websites are genuine are there, then one can go on and do the buying, but I think I know better now. Thank you very much.

October 29, 2007 5:21 AM

Shyam said:

Very informative even for NOT a newbie like me  :)

Thanks

October 29, 2007 5:23 AM

Manav said:

Nice article, a must read. Though I am from the IT security background, I would like to say that people must not believe everything they receive in their mail boxes, as there are always fraudsters at the other end, awake for you to be a victim... :)

Manav,

Thanks for the comment.  Yes, you are very correct.  There is always someone looking to take advantage of someone else.

Thanks,

Mark

October 29, 2007 5:28 AM

Deepak Kaushal said:

It is great information and thanks for trying to dig up this issue and spread the awareness about such frauds. Though such things should be vigilantly checked and eradicated by the cyber patrol. Hope this message reaches the cyber detectives and action begins soon. Once again great thanks for posting this issue.

October 29, 2007 5:29 AM

Pat said:

Beautiful work! It's very informative and it shows that it is possible to track down spammers and other malwarers.

There should be an "international spam police" to do just that + the little more to nail the physical person.

 Pat,

Thanks for the comments.  I recently read about the predictions on the number of email messages that traverse the Internet and how many of them are Spam.  I can't recall the number, but I was shocked.

Thanks,

Mark

October 29, 2007 5:34 AM

maria said:

This is so true, I kind of experienced this thing, they copied my e-mail add that goes on my bulk-mail.  I was surprised that I have the same e-mail add from somebody and I think that's their trick for me to open my bulk mail cuz it's the same as my e-mail add!  But I never opened it cuz I was thinking it might be a trick.  So, what is going to happen now? Will they use my e-mail add to trick other people?

October 29, 2007 5:38 AM

ida said:

I never, never open spam letters, I always delete all of them... to hell with the senders... they cannot fool me.

October 29, 2007 5:39 AM

Chris said:

Amazing. The world of e-mail spam has become more clear to me than ever.

October 29, 2007 5:39 AM

Kent said:

So, the real criminal here is the US Postal Service ineptness.

What a wild story! EVERYONE knows the US Postal Service never lets you down .... he he he

KUDOS for your hard work.

October 29, 2007 5:41 AM

Lovemore Nanjaya said:

Thanks for the info. I do receive e-mails from some people or businesses offering all sorts of things including satellite tv on the PC. I don't even open them.

Hey, if you receive mail whose subject begins with "Re:" implying a reply when you know you never sent any such message, does it mean your computer is infected? What are the likely reasons/possibilities and how can one be protected against such?

Can you write an article on this? Thanks.

Lovemore,

Thanks for the comments.  A common social engineering tactic is for people to craft emails with "FW:" or "RE:" in the subject, implying that you sent them something or that someone is specifically forwarding something to you.  These are nothing more than social engineering tactics.

Sincerely,

Mark

 

October 29, 2007 5:44 AM

Deltatr said:

Dear Mark,

Your post is actually an eye opener.  You have been able to uncover the metadata behind these scams, and I thank you for educating those who are still in doubt and those who want to take chances.  With more spam than genuine emails landing on our inboxes, we have become more diffident, to the point where we don't know who to trust.  What do you do when you get a message from an entity posing as Google or Yahoo!?  Thank God for vigilantes and risk takers like yourself, who go all the way to divulge the real story through spending their own hard-earned cash so others don't fall in similar traps.  Bravo!

October 29, 2007 5:45 AM

Daryl K Cornelius said:

thanks Mark, I'll send this info on to my daughters and hopefully keep them from making this type of mistake

October 29, 2007 5:52 AM

Dakota Joe said:

Fascinating.  Thanks for the legwork you did setting this all up and tracking it.  Interesting and useful!

October 29, 2007 5:54 AM

Desiree AC, Philippines said:

Finally, someone did really track what goes on behind the scenes when someone follows a spam and 'lived' to report it! For us mere users, who are not at all equipped with what you call the sniffer that did all the tracking and I assume something else that protected you from whatever else that could be included in the mere click of a spam link, there is no chance we could survive your adventure (despite all the anti-spam, anti-spyware, anti-virus tools we thought would keep us from those with malicious intents on getting our vital information and use them against us) without experiencing system crashes afterwards and then losing everything.

Your report is truly very enlightening.

Desiree,

Thanks for your comments.  While the article was fun to write, it does show you the levels of deception that people will go to in order to run a scam.

Thanks,

Mark

October 29, 2007 5:54 AM

Carl Latona said:

Hi Mark,

I enjoyed your story very much and it was extremely informative, and a bit scary, too!  I hope very much that folks never see our web site as similar to the one you just described here.

Best wishes,

Carl Latona

Wondertrail.com

Community Outlet, LLC

October 29, 2007 5:56 AM

aJ said:

Thanks for the info! Nice story. Very funny and informative. I'm also curious about that.

October 29, 2007 6:00 AM

MJ in FW said:

I found this article to be very informative. The researcher spent considerable time, not to mention his money, just to track down these scam spams and let the public beware. Thank you for your effort.

October 29, 2007 6:02 AM

Nancy said:

Thank you for this article!!  I really enjoyed reading the whole story instead of the brief summary given in Yahoo.  Lesson learned:  Buy real earrings for your wife and not cheap replicas!

Nancy,

Thanks for the comments.  Yes, I don't think that I will tell my wife that I was going to buy her replica earrings.

Thanks,

Mark

October 29, 2007 6:02 AM

Wayne said:

When you looked up the top-esupport.com domain and saw "CSMJBS Enterprise", this is because AIT Domains (a domain registrar) will set your domain registration information that way by request if you would like your contact details private.  They did not charge me extra when I had them do that for my domains.  I was a little confused about the private contact details they entered since they are different than the private registration example provided on the AIT Domains website.

Possibly, you did not receive the package because you did not use your real name for the credit card, and that information also doubled as who the package was to be delivered to.

October 29, 2007 6:03 AM

Sophie Ferguson said:

I found that a very interesting read, and I'm sure it will be a lot of help to people who usually buy things online. I don't as such, because I don't have money to buy anything with as I am only in my early teens ^__^, but it's nice to know that you and other people are ensuring the safety of purchasing items on the internet.

October 29, 2007 6:03 AM

Tony Gunther said:

Thank you very much for your research on this... it's an eye opener... I've always been wary of using my credit card on line anyway... and I tell my family not to just for that reason... if I can't pay cash for it... then I don't need it

October 29, 2007 6:06 AM

Sangindiva said:

This was a very good article.

I got duped by a scam once (and I thought I was "internet savvy")

Thank you for taking us on the journey :)

October 29, 2007 6:10 AM

curiosity killed the cat said:

I wonder if the tracking number is legit or bogus and if it were really shipped.

Curiosity Killed the Cat,

I do think that the tracking number was real because I was able to track it through the shipper's online tracking system.  So something was shipped, but was mysteriously lost at the post office.  Unfortunately we will never know what was in the box.

Sincerely,

Mark

October 29, 2007 6:11 AM