Wednesday, April 1, 2009

Beware! Spammers Are Active Once Again!

Yesterday, I received this email which at first glance came from Yahoo.


From: "Yahoo! Inc©"
To: undisclosed-recipients

Dear User,

We are sorry to inform you that we are currently working on securing our
server, during this process account which is not manually verified by us
will be deleted, Please confirm and submit your information for manual
verification by one of our customer care.

Information which is to be provided is below:
User Name:
User Id:
Password:
Date Of Birth:
Country (At Sign up):

Upon confirmation of information from you, we will manually verify your
Yahoo! Account and reserve it not to be deleted, We are sorry for any
inconveniences this might have cause providing your information over the
email.

Warning!!! Account owner that refuses to update his/her account after two
weeks of receiving this warning will lose his or her account permanently.
_____________________________________________________________________________

Copyright © 2009 Yahoo! Inc. All rights reserved. Copyright/IP Policy |
Terms of Service | Guide to Online Security

NOTICE: We collect personal information on this site.

To learn more about how we use your information, see our Privacy Policy.



I was intimidated by the warning that my account would be deleted in two weeks if I didn't send the information they wanted. I had already drafted a reply and was about to send it when I thought something seemed fishy. I took a second look at the email and it seemed to be authentic. But still, deep inside, I felt something was wrong somewhere. So I went back to Yahoo Mail and pressed the "full headers" button at the bottom to get the full IP address of the sender. If it was Yahoo, then their IP address would show; however, this is what I got:


From Yahoo! Inc Mon Mar 30 22:13:52 2009
Return-Path:
Authentication-Results: mta476.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=; dkim=neutral (no sig)
Received: from 209.239.36.229 (EHLO host4.oneononeinternet.com) (209.239.36.229) by mta476.mail.mud.yahoo.com with SMTP; Mon, 30 Mar 2009 15:14:38 -0700
Received: from xiir.com (localhost [127.0.0.1]) by host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP id n2UMDqXQ017217; Mon, 30 Mar 2009 18:13:52 -0400

Please take note of the URL - EHLO host4.oneononeinternet.com! I googled this URL and found out it was connected with several Internet scams!



Among the scams it spawned on the web were the "Payment Advice From Nigeria US$18 Million" and the "Gainsborough Furniture" scams.

Please beware of this URL, which has the IP address 209.239.36.229 and turned out to be in Maryland, USA!

I nearly sent my email details. It was a good thing I had second thoughts about it. Lesson learned: Double check and be suspicious of any URL asking for your private data!
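The header check described in this post can also be done in code. The following is an added example, not part of the original post: it parses the header lines quoted above, finds the Received line written by the mailbox provider, and reports which host handed the message off and whether any DKIM/DomainKeys result passed. The function names, the `provider_domain` and `claimed_domain` parameters, and the use of `yahoo.com` as the expected domain are assumptions, and the pattern fits only the Received layout shown in the post.

```python
import re
from email import message_from_string

# Header lines as quoted in the post (the empty Return-Path is omitted).
RAW_HEADERS = (
    "Authentication-Results: mta476.mail.mud.yahoo.com from=; "
    "domainkeys=neutral (no sig); from=; dkim=neutral (no sig)\n"
    "Received: from 209.239.36.229 (EHLO host4.oneononeinternet.com) "
    "(209.239.36.229) by mta476.mail.mud.yahoo.com with SMTP; "
    "Mon, 30 Mar 2009 15:14:38 -0700\n"
    "Received: from xiir.com (localhost [127.0.0.1]) by "
    "host4.oneononeinternet.com (8.12.11.20060614/8.12.10) with ESMTP "
    "id n2UMDqXQ017217; Mon, 30 Mar 2009 18:13:52 -0400\n"
)

# Matches the Received layout in the post: "(EHLO name) (ip) by receiver".
HOP = re.compile(r"\((?:EHLO|HELO) ([^)\s]+)\)\s+\(([0-9a-fA-F.:]+)\)\s+by\s+(\S+)")
AUTH = re.compile(r"\b(dkim|domainkeys)=(\w+)")


def under(host, domain):
    """True if host is domain itself or a subdomain of it (hypothetical helper)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def check_claimed_sender(raw, provider_domain, claimed_domain):
    """List reasons to doubt that mail delivered by provider_domain
    really originated from claimed_domain (hypothetical helper)."""
    msg = message_from_string(raw)
    findings = []
    # Only a Received line written by our own provider is trustworthy;
    # everything below it was supplied by the sending side and can be forged.
    trusted = None
    for received in msg.get_all("Received", []):
        m = HOP.search(received)
        if m and under(m.group(3), provider_domain):
            trusted = m
            break
    if trusted is None:
        findings.append("no Received line written by the provider")
    elif not under(trusted.group(1), claimed_domain):
        findings.append("handed off by %s [%s]" % (trusted.group(1), trusted.group(2)))
    auth = dict(AUTH.findall(msg.get("Authentication-Results", "")))
    if "pass" not in auth.values():
        findings.append("no passing DKIM/DomainKeys result: %s" % sorted(auth.items()))
    return findings
```

Called as `check_claimed_sender(RAW_HEADERS, "yahoo.com", "yahoo.com")`, it returns two findings: the hand-off by host4.oneononeinternet.com [209.239.36.229] and the absence of a passing signature.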







1 comment:

  1. All of these legit websites always say that they will never e-mail you and request your username and password information. But I'm glad you didn't fall for it.

    I've checked full headers in the past and contacted the spammer's ISP to report them for violating their terms of use. **sinister laugh**
