Don't obsess on the message headers. Look at the scam site (the URL is cloaked in the e-mail):

https://www.e-gold.cc/acct/manager.htm

Unencoded, the HTML appears to be stuffing stolen account info into a page called https://a.e-gold.cc/acct.php

In other words, there's no throwaway Hotmail drop box, etc. All the goods are right on that server, which appears to be hosted by Hurricane Electric (he.net) in Cal.

They even have an SSL certificate, although you don't need to use https to access the site.

Clever scam, but I wonder how many victims they can hope for. It sounds like they're blindly spamming out that e-mail and don't have a customer list, although they could probably put one together from here: http://www.e-gold.com/unsecure/lists.html

Brian


At 01:02 PM 11/15/2002, Tim May wrote:
On Friday, November 15, 2002, at 08:59  AM, Tim May wrote:
I received a similar letter, and also one from PayPal/EBay which was
quite similar in language. The full headers of the E-gold letter are
included at the end of this message.
Here are the headers of the E-gold message I got:

From:

[demime 0.97c removed an attachment of type image/tiff which had a name of image.tiff]

The headers got "demimed," at least on the version I got back from lne.com.

So, I hope what follows is plain text only. (My editors say it is.)

From [EMAIL PROTECTED] Fri Nov 15 08:05:42 2002
Received: by sphinx (mbox tcmay)
(with Cubic Circle's cucipop (v1.31 1998/05/13) Fri Nov 15 08:10:44 2002)
X-From_: [EMAIL PROTECTED] Fri Nov 15 07:31:14 2002
Return-Path: <[EMAIL PROTECTED]>
Received: from psmtp.com (exprod5mx17.postini.com [64.75.1.157])
by sphinx.got.net (8.12.2/8.12.2/Debian -5) with SMTP id gAFFVDap010192
for <[EMAIL PROTECTED]>; Fri, 15 Nov 2002 07:31:14 -0800
Received: from source ([24.51.87.108]) by exprod5mx17 ([64.75.1.245]) with SMTP;
Fri, 15 Nov 2002 10:31:13 EST
Received: from 216.53.150.250 (HELO maple.omnipay.net)
by smtp.c000.snv.cp.net (209.228.32.87) with SMTP; Fri, 15 Nov 2002 15:31:32 +0000
Received: by MAPLE with Internet Mail Service (5.5.2655.55)
id <TBHXL3DL>; Fri, 15 Nov 2002 15:31:32 +0000
From: "Service EG" <[EMAIL PROTECTED]>
To: "e-gold customer" <[EMAIL PROTECTED]>
Subject: [e-gold-service] We have set a value limit on your e-gold account
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Internet Mail Service (5.5.2655.55)
Date: Fri, 15 Nov 2002 15:31:32 +0000
Message-ID: <h0jrog#fxvwrphuh0jrog#fxvwrphu@MAPLE>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
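
The Received lines in the headers above can be checked for hop-to-hop continuity. The following is an added example, not part of either poster's message. It treats a hop as corroborated when a host named in its "by" clause also appears in the next relay's "from" clause, comparing host names on their first label only (an assumed, loose heuristic); the function names are illustrative.

```python
import re
from email import message_from_string

# Received lines copied from the quoted message (folding whitespace restored).
RAW = """\
Received: from psmtp.com (exprod5mx17.postini.com [64.75.1.157])
\tby sphinx.got.net (8.12.2/8.12.2/Debian -5) with SMTP id gAFFVDap010192
\tfor <[EMAIL PROTECTED]>; Fri, 15 Nov 2002 07:31:14 -0800
Received: from source ([24.51.87.108]) by exprod5mx17 ([64.75.1.245]) with SMTP;
\tFri, 15 Nov 2002 10:31:13 EST
Received: from 216.53.150.250 (HELO maple.omnipay.net)
\tby smtp.c000.snv.cp.net (209.228.32.87) with SMTP; Fri, 15 Nov 2002 15:31:32 +0000
Received: by MAPLE with Internet Mail Service (5.5.2655.55)
\tid <TBHXL3DL>; Fri, 15 Nov 2002 15:31:32 +0000

"""

IP = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
HOP = re.compile(r"(?:from (?P<frm>.*?) )?by (?P<by>.*?)(?= with | id |;|$)")

def hops(raw):
    """Return [(from_clause, by_clause)] with the newest hop first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold the header first
        if m:
            out.append((m.group("frm") or "", m.group("by")))
    return out

def idents(clause):
    """IPs kept whole; host names reduced to their lowercased first label."""
    found = set()
    for tok in re.findall(r"[A-Za-z0-9][A-Za-z0-9.-]*", clause):
        if tok.upper() not in ("HELO", "EHLO"):
            found.add(tok if IP.fullmatch(tok) else tok.split(".")[0].lower())
    return found

def chain_breaks(raw):
    """Indexes i where hop i's 'from' shares nothing with hop i+1's 'by'."""
    h = hops(raw)
    return [i for i in range(len(h) - 1) if not idents(h[i][0]) & idents(h[i + 1][1])]

def last_corroborated_ip(raw):
    """Peer IP recorded by the oldest relay that still links to the recipient."""
    h, breaks = hops(raw), chain_breaks(raw)
    peer = IP.search(h[breaks[0]][0] if breaks else h[-1][0])
    return peer.group(0) if peer else None

if __name__ == "__main__":
    print(chain_breaks(RAW), last_corroborated_ip(RAW))
```

On these headers the chain links from sphinx.got.net back to exprod5mx17 and stops there: the peer that relay recorded is 24.51.87.108, and the two older Received lines are not corroborated by any later relay under this heuristic.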

