RE: [Vo]:Re: Has Vortex been Compromised?
LOL! I suppose the poor spelling and grammar may be another tip-off! -Original Message- From: j...@mail941c35.nsolutionszone.com [mailto:j...@mail941c35.nsolutionszone.com] On Behalf Of Taylor J. Smith Sent: Wednesday, October 21, 2009 11:58 AM To: vortex-l@eskimo.com Subject: [Vo]:Re: Has Vortex been Compromised? Michel wrote on 10-21-09: Steven, although hijacking the email addresses of vortex posters would be extremely easy, without Bill being able to do anything about it (if you don't know how, ask me privately), since I myself didn't get the request and no other vo than Jack said he did, my guess would be that Jack himself has an eskimo account, whose details the scammer was trying to obtain. Or maybe it was sent indiscriminately to the scammer's email database, eskimo or not, in the hope that it would reach enough eskimo account holders. This kind of scam is called phishing BTW, it's very common and most often used to obtain access to the means of payment (paypal, bank account etc) of the most gullible among the addressees. Nothing one can do about it, except ignoring it. Hi All, 10-21-09 Enclosed below is the spoof email with the complete header. I added the # at the beginning of each line of the header. Jack Smith --- # From spam...@singnet.com.sg Wed Oct 21 11:08:38 2009 # X-Spam-Flag: NO # X-Envelope-From: freenrg-l-requ...@eskimo.com # Return-Path: freenrg-l-requ...@eskimo.com # Received: from ultra6.eskimo.com (ultra6.eskimo.com [204.122.16.69]) # by mail910c35.nsolutionszone.com (8.13.6/8.13.1) with ESMTP id n9KGAHv6030802 # for tj...@centurytel.net; Tue, 20 Oct 2009 12:10:19 -0400 # Received: from ultra6.eskimo.com (localhost [127.0.0.1]) # by ultra6.eskimo.com (8.14.2/8.14.3) with ESMTP id n9KG9U81025089; # Tue, 20 Oct 2009 09:09:30 -0700 # Received: (from smart...@localhost) # by ultra6.eskimo.com (8.14.2/8.12.10/Submit) id n9KG9P71024950; # Tue, 20 Oct 2009 09:09:25 -0700 # Resent-Date: Tue, 20 Oct 2009 09:09:24 -0700 # X-Authentication-Warning: ultra6.eskimo.com: smartlst set sender to freenrg-l-requ...@eskimo.com using -f # X-Authentication-Warning: arrowana.singnet.com.sg: cooluser set sender to spam...@singnet.com.sg using -f # To: helpd...@eskimo.com # Message-ID: 1256054693.4adddfa58f...@arrowana.singnet.com.sg # Date: Wed, 21 Oct 2009 00:04:53 +0800 (SGT) # From: ESKIMO SUPPORT TEAM spam...@singnet.com.sg # Reply-To: team...@yahoo.com.hk # MIME-Version: 1.0 # Content-Type: text/plain; charset=iso-8859-1 # Content-Transfer-Encoding: 8bit # User-Agent: SingNet WebMail # Resent-Message-ID: qurvkd.a.pfg.0ce...@ultra6.eskimo.com # Resent-From: freenr...@eskimo.com # X-Mailing-List: freenr...@eskimo.com archive/latest/25797 # X-Loop: freenr...@eskimo.com # List-Post: mailto:freenr...@eskimo.com # List-Help: mailto:freenrg-l-requ...@eskimo.com?subject=help # List-Subscribe: mailto:freenrg-l-requ...@eskimo.com?subject=subscribe # List-Unsubscribe: mailto:freenrg-l-requ...@eskimo.com?subject=unsubscribe # Precedence: list # Resent-Sender: freenrg-l-requ...@eskimo.com # Subject: [FG]: Unidentified subject! # X-MMR: 0 # X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com) Dear eskimo.com Subscriber, We are currently carrying-out a mantainace process to your eskimo.com account, to complete this, you must reply to this mail immediately, and enter your User Name here () And Password here (...) if you are the rightful owner of this account. This process we help us to fight against spam mails.Failure to summit your password, will render your email address in-active from our database. NOTE: If your have done this before, you may ignore this mail. You will be send a password reset messenge in next seven (7) working days after undergoing this process for security reasons. Thank you for using eskimo.com! THE eskimo.com TEAM
Re: [Vo]:Re: Has Vortex been Compromised?
Ok so you are subscribed to Bill's freenr...@eskimo.com mailing list, to which the spammer posted the phishing message, having previously subscribed a disposable address (spam...@singnet.com.sg) from which he posted. Bill probably unsubscribed the address as soon as he received the incriminated message, but the harm was done. Michel 2009/10/21 Taylor J. Smith tj...@centurytel.net: Michel wrote on 10-21-09: Steven, although hijacking the email addresses of vortex posters would be extremely easy, without Bill being able to do anything about it (if you don't know how, ask me privately), since I myself didn't get the request and no other vo than Jack said he did, my guess would be that Jack himself has an eskimo account, whose details the scammer was trying to obtain. Or maybe it was sent indiscriminately to the scammer's email database, eskimo or not, in the hope that it would reach enough eskimo account holders. This kind of scam is called phishing BTW, it's very common and most often used to obtain access to the means of payment (paypal, bank account etc) of the most gullible among the addressees. Nothing one can do about it, except ignoring it. Hi All, 10-21-09 Enclosed below is the spoof email with the complete header. I added the # at the beginning of each line of the header. Jack Smith --- # From spam...@singnet.com.sg Wed Oct 21 11:08:38 2009 # X-Spam-Flag: NO # X-Envelope-From: freenrg-l-requ...@eskimo.com # Return-Path: freenrg-l-requ...@eskimo.com # Received: from ultra6.eskimo.com (ultra6.eskimo.com [204.122.16.69]) # by mail910c35.nsolutionszone.com (8.13.6/8.13.1) with ESMTP id n9KGAHv6030802 # for tj...@centurytel.net; Tue, 20 Oct 2009 12:10:19 -0400 # Received: from ultra6.eskimo.com (localhost [127.0.0.1]) # by ultra6.eskimo.com (8.14.2/8.14.3) with ESMTP id n9KG9U81025089; # Tue, 20 Oct 2009 09:09:30 -0700 # Received: (from smart...@localhost) # by ultra6.eskimo.com (8.14.2/8.12.10/Submit) id n9KG9P71024950; # Tue, 20 Oct 2009 09:09:25 -0700 # Resent-Date: Tue, 20 Oct 2009 09:09:24 -0700 # X-Authentication-Warning: ultra6.eskimo.com: smartlst set sender to freenrg-l-requ...@eskimo.com using -f # X-Authentication-Warning: arrowana.singnet.com.sg: cooluser set sender to spam...@singnet.com.sg using -f # To: helpd...@eskimo.com # Message-ID: 1256054693.4adddfa58f...@arrowana.singnet.com.sg # Date: Wed, 21 Oct 2009 00:04:53 +0800 (SGT) # From: ESKIMO SUPPORT TEAM spam...@singnet.com.sg # Reply-To: team...@yahoo.com.hk # MIME-Version: 1.0 # Content-Type: text/plain; charset=iso-8859-1 # Content-Transfer-Encoding: 8bit # User-Agent: SingNet WebMail # Resent-Message-ID: qurvkd.a.pfg.0ce...@ultra6.eskimo.com # Resent-From: freenr...@eskimo.com # X-Mailing-List: freenr...@eskimo.com archive/latest/25797 # X-Loop: freenr...@eskimo.com # List-Post: mailto:freenr...@eskimo.com # List-Help: mailto:freenrg-l-requ...@eskimo.com?subject=help # List-Subscribe: mailto:freenrg-l-requ...@eskimo.com?subject=subscribe # List-Unsubscribe: mailto:freenrg-l-requ...@eskimo.com?subject=unsubscribe # Precedence: list # Resent-Sender: freenrg-l-requ...@eskimo.com # Subject: [FG]: Unidentified subject! # X-MMR: 0 # X-Antivirus: Scanned by F-Prot Antivirus (http://www.f-prot.com) Dear eskimo.com Subscriber, We are currently carrying-out a mantainace process to your eskimo.com account, to complete this, you must reply to this mail immediately, and enter your User Name here () And Password here (...) if you are the rightful owner of this account. This process we help us to fight against spam mails.Failure to summit your password, will render your email address in-active from our database. NOTE: If your have done this before, you may ignore this mail. You will be send a password reset messenge in next seven (7) working days after undergoing this process for security reasons. Thank you for using eskimo.com! THE eskimo.com TEAM
