Post up and share your examples of spam phishing emails messages #scamaware


  • #46
    Re: Post up and share your examples of spam phishing emails messages #scamaware

    Yes, and if I'm ever in doubt about my PayPal in particular, I find the PayPal site via a Google search, but you're right about the address as it's an easy giveaway.



    • #47
      Re: Post up and share your examples of spam phishing emails messages #scamaware

      Originally posted by sonic71 View Post
      Yes, and if I'm ever in doubt about my PayPal in particular, I find the PayPal site via a Google search, but you're right about the address as it's an easy giveaway.
      If you want to manage your PayPal account, you should always go directly to their website and log in from there, rather than clicking on any links sent on an email, to be on the safe side. :thumb:



      • #48
        Re: Post up and share your examples of spam phishing emails messages #scamaware

        I ALSO just got one of them notice to appear

        Notice to Appear,

        Enclosed please find the copy of the court notice for the case
        mentioned above.

        Truly yours,
        Clerk to the Court.
        Evie Tailor



        DC_Court_Notice_UN_LS6361.zip (95 KB)

        Archive Name: DC_Court_Notice_UN_LS6361.zip
        Archive File Size: 71381 bytes
        File Count: 1 file

        Attributes Size Modified Date Method Ratio
        --------------------------------------------------------------------------
        Court_Notice... -A--- 110592 22-May-2014 09:33 Deflated 64.4%
        --------------------------------------------------------------------------

        The zip file comes complete with:

        3 trojans for known windows vulnerabilities
        a few browsers redirectors for IE
        blocking files for AV products.


        Here are the headers:

        Return-path: <support556@dwi-injury-lawyers.com>
        Envelope-to: ######################
        Delivery-date: Thu, 22 May 2014 14:21:23 +0100
        Received: from [69.198.209.81] (port=2093 helo=dwi-injury-lawyers.com) ####### heres the info we need ####
        by ultra10.extendnet.co.uk with smtp (Exim 4.82)
        (envelope-from <support556@dwi-injury-lawyers.com>)
        id 1WnSvu-0001S2-Lg
        for #####################; Thu, 22 May 2014 14:21:20 +0100
        Message-ID: <002f01cf75c0b313d2286600a8c0@Michael>
        From: "Notice of Appearance" <support556@dwi-injury-lawyers.com>
        To: <#######################>
        Subject: Notice to appear
        Date: Thu, 22 May 2014 09:21:11 -0400
        MIME-Version: 1.0
        Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_002A_01CF759F.2BFFADA0"
        X-Priority: 3
        X-MSMail-Priority: Normal
        X-Mailer: XimianEvolution1.4.6
        X-MimeOLE: Produced By XimianEvolution1.4.6
        X-eXtendnet-MailScanner-Information: Please contact the ISP for more information
        X-eXtendnet-MailScanner-ID: 1WnSvu-0001S2-Lg
        X-eXtendnet-MailScanner: Found to be clean
        X-eXtendnet-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
        score=0.343, required 5, BAYES_00 -1.90, HTML_MESSAGE 0.00,
        RCVD_IN_BRBL_LASTEXT 1.45, RDNS_NONE 0.79)
        X-eXtendnet-MailScanner-From: support556@dwi-injury-lawyers.com
        X-eXtendnet-MailScanner-Watermark: 1401369680.25616@Rk7UNlP4LBtfLaw8J5DRBQ
        X-Spam-Status: No

        This is a multi-part message in MIME format.

        ------=_NextPart_000_002A_01CF759F.2BFFADA0
        Content-Type: multipart/alternative;
        boundary="----=_NextPart_001_002B_01CF759F.2BFFADA0"


        ------=_NextPart_001_002B_01CF759F.2BFFADA0
        Content-Type: text/plain;
        charset="iso-8859-1"
        Content-Transfer-Encoding: 8bit

        Notice to Appear,

        Enclosed please find the copy of the court notice for the case
        mentioned above.

        Truly yours,
        Clerk to the Court.
        Evie Tailor


        ------=_NextPart_001_002B_01CF759F.2BFFADA0
        Content-Type: text/html;
        charset="iso-8859-1"
        Content-Transfer-Encoding: 8bit

        <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
        <HTML>
        <BODY>
        Notice to Appear,<BR>
        <BR>
        Enclosed please find the copy of the court notice for the case mentioned above.<BR>
        <BR>
        Truly yours,<BR>
        Clerk to the Court.<BR>
        Evie Tailor<BR>
        </BODY>
        </HTML>

        ------=_NextPart_001_002B_01CF759F.2BFFADA0--

        ------=_NextPart_000_002A_01CF759F.2BFFADA0
        Content-Type: application/x-zip-compressed;
        name="DC_Court_Notice_UN_LS6361.zip"

        Content-Disposition: attachment;
        filename="DC_Court_Notice_UN_LS6361.zip"



        ....... the rest is just the file......

        And here are the site registrant's details......

        Domain Name: DWI-INJURY-LAWYERS.COM
        Registry Domain ID: 1567114562_DOMAIN_COM-VRSN
        Registrar WHOIS Server: whois.godaddy.com
        Registrar URL: http://www.godaddy.com
        Update Date: 2009-08-27 14:12:47
        Creation Date: 2009-08-27 14:12:46
        Registrar Registration Expiration Date: 2014-08-27 14:12:46
        Registrar: GoDaddy.com, LLC
        Registrar IANA ID: 146
        Registrar Abuse Contact Email: abuse@godaddy.com
        Registrar Abuse Contact Phone: +1.480-624-2505
        Domain Status: clientTransferProhibited
        Domain Status: clientUpdateProhibited
        Domain Status: clientRenewProhibited
        Domain Status: clientDeleteProhibited
        Registry Registrant ID:
        Registrant Name: Donald Kaufman ############## the following 3 lines are what we need########
        Registrant Organization: Absolutely Write Inc.
        Registrant Street: 3 Wilner Rd
        Registrant City: Somers
        Registrant State/Province: New York
        Registrant Postal Code: 10589
        Registrant Country: United States
        Registrant Phone: +1.9142485101
        Registrant Phone Ext:
        Registrant Fax:
        Registrant Fax Ext:
        Registrant Email: domainsales@absolutelywrite.com
        Registry Admin ID:
        Admin Name: Donald Kaufman
        Admin Organization: Absolutely Write Inc.
        Admin Street: 3 Wilner Rd
        Admin City: Somers
        Admin State/Province: New York
        Admin Postal Code: 10589
        Admin Country: United States
        Admin Phone: +1.9142485101
        Admin Phone Ext:
        Admin Fax:
        Admin Fax Ext:
        Admin Email: domainsales@absolutelywrite.com
        Registry Tech ID:
        Tech Name: Donald Kaufman
        Tech Organization: Absolutely Write Inc.
        Tech Street: 3 Wilner Rd
        Tech City: Somers
        Tech State/Province: New York
        Tech Postal Code: 10589
        Tech Country: United States
        Tech Phone: +1.9142485101
        Tech Phone Ext:
        Tech Fax:
        Tech Fax Ext:
        Tech Email: domainsales@absolutelywrite.com
        Name Server: NS09.DOMAINCONTROL.COM ################ we can do funny and intersting things with these details######
        Name Server: NS10.DOMAINCONTROL.COM
        DNSSEC: unsigned
        URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
        Last update of WHOIS database: 2014-5-24T12:00:00Z


        So, Mr Spammy Donald thinks it's OK to spam me with viruses............ mmmmmm... he he, I don't get mad, I get even..... I think Mr Spammy's systems are about to get rather busy
        Last edited by Crazy council; 24th May 2014, 12:21:PM. Reason: adding stuff
        crazy council ( as in local council,NELC ) as a member of the public, i don't get mad, i get even
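The headers in post #48 can be triaged mechanically. The sketch below is an added example, not code from the thread: it separates what the receiving server recorded (the connecting IP in the topmost Received line) from what the sender merely claimed (HELO, envelope sender, From), and reads the SpamAssassin rule scores. The function name `triage` and the report layout are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers abridged from post #48; the recipient was already masked by the poster.
RAW = """\
Return-path: <support556@dwi-injury-lawyers.com>
Received: from [69.198.209.81] (port=2093 helo=dwi-injury-lawyers.com)
\tby ultra10.extendnet.co.uk with smtp (Exim 4.82)
\t(envelope-from <support556@dwi-injury-lawyers.com>)
\tid 1WnSvu-0001S2-Lg
\tfor <masked>; Thu, 22 May 2014 14:21:20 +0100
From: "Notice of Appearance" <support556@dwi-injury-lawyers.com>
Subject: Notice to appear
X-eXtendnet-MailScanner-SpamCheck: not spam, SpamAssassin (not cached,
\tscore=0.343, required 5, BAYES_00 -1.90, HTML_MESSAGE 0.00,
\tRCVD_IN_BRBL_LASTEXT 1.45, RDNS_NONE 0.79)

"""


def _find(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None


def triage(raw, spamcheck_header="X-eXtendnet-MailScanner-SpamCheck"):
    msg = message_from_string(raw)
    # The topmost Received header is written by the recipient's own mail
    # server, so it is the only hop the sender could not forge.
    hop = " ".join(msg.get_all("Received", [""])[0].split())
    check = " ".join((msg.get(spamcheck_header) or "").split())
    rules = {n: float(s) for n, s in
             re.findall(r"\b([A-Z][A-Z0-9_]+) (-?\d+\.\d+)", check)}
    score = _find(r"score=(-?\d+(?:\.\d+)?)", check)
    required = _find(r"required (-?\d+(?:\.\d+)?)", check)
    report = {
        # Recorded by the receiving server: the value to give an abuse desk.
        "connecting_ip": _find(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop),
        "received_by": _find(r"\bby ([\w.-]+)", hop),
        # Exim writes "from [ip]" with no host name when reverse DNS failed.
        "rdns_resolved": not hop.startswith("from ["),
        # Supplied by the sender: may name an uninvolved third party.
        "claimed_helo": _find(r"helo=([^\s)]+)", hop),
        "claimed_envelope_from": _find(r"envelope-from <([^>]*)>", hop),
        "claimed_from": parseaddr(msg.get("From", ""))[1],
        "filter_score": float(score) if score else None,
        "filter_required": float(required) if required else None,
        "filter_rules": rules,
        "positive_hits": round(sum(v for v in rules.values() if v > 0), 2),
        "findings": [],
    }
    found = report["findings"]
    if not report["rdns_resolved"] or "RDNS_NONE" in rules:
        found.append("connecting host has no reverse DNS")
    listed = [n for n, v in rules.items() if n.startswith("RCVD_IN_") and v > 0]
    if listed:
        found.append("connecting IP is on a blocklist: " + ", ".join(listed))
    if (score and required and report["filter_score"] < report["filter_required"]
            and report["positive_hits"] > 0):
        found.append("delivered anyway: score %s is below the threshold %s "
                     "although rules added %s points"
                     % (score, required, report["positive_hits"]))
    return report


if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(key, "=", value)
```
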



        • #49
          Re: Post up and share your examples of spam phishing emails messages #scamaware

          DDoS ?
          Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.



          • #50
            Re: Post up and share your examples of spam phishing emails messages #scamaware

            May be hijacking of an innocent 3rd party with a spoofed sender/references to gain limited legitimacy, to get people to open the attachment and infect their system.

            Whole thing is geared to that in the end. Which likely has nothing to do with anything mentioned in the email.



            • #51
              Re: Post up and share your examples of spam phishing emails messages #scamaware

              hi

              DDoS ?
              .

              That just annoys people and is only really any use on sites that take payments or have large amounts of visits, but was fun for the likes of PlayStation/PayPal etc.

              With scams like this, my friend ( cough cough ), tends to try and track down their email servers, then encrypt all their records. It's the least illegal way to deal with these type of people... I suppose what's more interesting for me is what type of trojans and browser hacks they are using, it sort of tells you how competent they are..... and whether they have just copied known exploits that are in the wild, or are buying unpublished ones......
              crazy council ( as in local council,NELC ) as a member of the public, i don't get mad, i get even



              • #52
                Re: Post up and share your examples of spam phishing emails messages #scamaware

                Dear Customer,

                Suspicious Debit Card Activity,
                We have suspended your natwest debit card.Follow the link below to verify your account with us before your debit card can be re-opened for use.

                Verify Your account immediately.
                Thank You,

                NatWest Security Department.

                Linky removed by me but went to: romannoti.com/wp-content/themes/twentytwelve/inc/wp.htm. Obviously a subsidiary of NatWest! msl: msl: msl:

                Besides, my only association with NatWest would have been to have been working next to Tower42 until 2003!:rofl:



                • #53
                  Re: Post up and share your examples of spam phishing emails messages #scamaware

                  Apparently I have a voice mail, :tinysmile_aha_t: just need to unzip this dodgy file first. BUT I WENT DIGGING

                  You have a new Voice Message!
                  Sender: +07768 101341
                  Date: 2014.05.24 15:24:17 UTC
                  ID: 2014.05.26_D244413DC



                  voice_message_2014.05.26_D244413DC.zip (101 KB)

                  Archive Name: voice_message_2014.05.26_D244413DC.zip
                  Archive File Size: 75647 bytes
                  File Count: 1 file

                  Attributes Size Modified Date Method Ratio
                  --------------------------------------------------------------------------
                  ---- 119296 26-May-2014 15:24 Deflated 63.1%
                  --------------------------------------------------------------------------
                  The email source shows sender %%%%%@leandergroup.co.uk.spam.spam

                  But, the website looks legit, a building services co, name registered in 2005 and the whois looks legit........

                  mmmmm, me thinks, apart from a very old virus in the zip, why would they point to a legit site.... Then I looked at the source code for the site...

                  <link href="style/patches/patch_sliding_door.css" rel="stylesheet" type="text/css" />
                  <![endif]-->
                  </head>
                  <body>
                  <p style="position:absolute; left:-2250px; top:-1150px;">We provide services in <a href="pamspamspam" title="replica handbags"><b>replica handbags</b></a>,We work closely with <a href=pamspamspam" title="rolex replica uk"><b>rolex replica uk</b></a>,We have the ability to offer <a href=pamspamspam" title="replica watches"><b>replica watches</b></a>,2014 new products come,please visit <a href=pamspamspam title="2014 new replica watches">replica watches</a>,Buy good exact Swiss <a title="replica watches" href=pamspamspam"><strong>replica watches</strong></a> ,uk replica watches online store,please visit <a href=pamspamspam>replica watches</a></p>
                  <div id="page_margins">
                  <div id="page">
                  <div id="header">
                  <div id="title" class="center">
                  Further down the page, there are about 20 other links like this

                  <a href=----deleted spam -->louis vuitton outlet</a>
                  And I bet the site owners don't know that's been injected in there....

                  Am just having a look around the site because the source of the email has what looks like a hook in the return address, and am looking through the source of all site pages to find the trigger....... so I can follow it...... :doggieyes: Am using a secure browser, I would not visit that site with IE, the exploit on the first page is for IE browser only.....

                  Sorry for the long post but I just thought some of you might be interested in how the mechanics of these scam emails actually work and how they are done.

                  The people that have done the above have done it so all their traffic initially goes through a legitimate site, thus avoiding spam servers, and that's why such obvious scam mail like this doesn't get noticed by the servers as spam..... because their route is a known legit one
                  Last edited by Crazy council; 26th May 2014, 19:20:PM. Reason: left spammy links in by mistake
                  crazy council ( as in local council,NELC ) as a member of the public, i don't get mad, i get even
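The injected block in post #53 hides its links by positioning a paragraph thousands of pixels off the page. A site owner can check their own pages for that pattern with the sketch below, which is an added example and not code from the thread. The sample page is constructed (modelled on the quoted source, with placeholder `spam.example` URLs), and the 500px threshold and the function names are assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample modelled on the source quoted in post #53.
SAMPLE = """<html><head><title>Building services</title></head>
<body>
<p style="position:absolute; left:-2250px; top:-1150px;">We provide services in
<a href="https://spam.example/bags" title="replica handbags"><b>replica handbags</b></a>,
please visit <a href=https://spam.example/watches>replica watches</a></p>
<div id="page"><p>Contact <a href="/contact.html">our office</a></p></div>
</body></html>
"""

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
OFFSET_RE = re.compile(r"\b(?:left|top)\s*:\s*(-\d+(?:\.\d+)?)\s*px", re.I)


def is_offscreen(style, min_px=500):
    """True if inline CSS places the element at least min_px off the page."""
    style = style or ""
    if not re.search(r"position\s*:\s*(?:absolute|fixed)", style, re.I):
        return False
    return any(abs(float(v)) >= min_px for v in OFFSET_RE.findall(style))


class HiddenLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []    # (tag, hidden) for every open non-void element
        self.hits = []     # one dict per link inside an off-screen element
        self._link = None  # link whose text is currently being collected

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or is_offscreen(a.get("style"))
        if tag == "a" and hidden:
            self._link = {"href": a.get("href"), "text": "",
                          "line": self.getpos()[0]}
            self.hits.append(self._link)
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        if tag == "a":
            self._link = None
        # Pop back to the matching open tag, tolerating unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self._link is not None:
            self._link["text"] += data


def find_hidden_links(html):
    parser = HiddenLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.hits


if __name__ == "__main__":
    for hit in find_hidden_links(SAMPLE):
        print("line %(line)d: %(href)s (%(text)s)" % hit)
```

Only inline `style` attributes are inspected, so links hidden through an external stylesheet or script would need a rendered-page check instead.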



                  • #54
                    Re: Post up and share your examples of spam phishing emails messages #scamaware

                    They seem to hack a lot of vulnerable WP sites or just random sites with easy server access. The last zip file I safely unpacked even included a list of IPs which, if detected, went straight to a " **** You! " page; obviously they have a few law enforcement IPs stashed away too
                    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.



                    • #55
                      Re: Post up and share your examples of spam phishing emails messages #scamaware

                      Had two in junk one of the "notice to appear" identical to one posted earlier.
                      The other an invite to invest in " a new oppertunity to invest in web design"
                      Sorry not worked out how to post or copy here.
                      Reported to e mail host and deleted
                      Never give up, Never surrender.



                      • #56
                        Re: Post up and share your examples of spam phishing emails messages #scamaware

                        WP is great but people don't update it regularly, and some of the widgets get hijacked. In older versions of WP you can inject code to escalate privileges easily, and I can graft a Google search to find 100s of vulnerable sites, run an injector against them ( I don't and would not do that ), then any PC that has IE unpatched that visits it is open to whatever I want to drive-by install..... That's the easiest way to build up a bot army ( I don't do that )....... That's what I look through the scam mail for.... people trying to build botnets.... so I can have a nose around...... :tinysmile_twink_t2:....

                        The last zip file I safely unpacked even included a list of IPs which, if detected, went straight to a " **** You! " page; obviously they have a few law enforcement IPs stashed away too
                        So funny, I have seen code with specific messages to law enforcement departments in America, taunting them... The more modern ones pull IP avoid or attack lists from servers just prior to the attack.. thus it is impossible to understand what it's trying to attack prior to the attack starting, unless you can find the feeder server,
                        Last edited by Crazy council; 26th May 2014, 20:23:PM. Reason: adding stuff
                        crazy council ( as in local council,NELC ) as a member of the public, i don't get mad, i get even



                        • #57
                          Re: Post up and share your examples of spam phishing emails messages #scamaware

                          Originally posted by Tools View Post
                          They seem to hack a lot of vulnerable WP sites or just random sites with easy server access. The last zip file I safely unpacked even included a list of IPs which, if detected, went straight to a " **** You! " page; obviously they have a few law enforcement IPs stashed away too
                          Originally posted by Crazy council View Post
                          Sorry for the long post but I just thought some of you might be interested in how the mechanics of these scam emails actually work and how they are done.

                          The people that have done the above have done it so all their traffic initially goes through a legitimate site, thus avoiding spam servers, and that's why such obvious scam mail like this doesn't get noticed by the servers as spam..... because their route is a known legit one
                          One of the servers I use was hacked in November 2012, via Wordpress. I had some sites I'd set up just as demos that I wasn't really worried about so I'd left the login as 'admin'. They went through one of them and injected code into several web pages, causing them to automatically redirect to spammy sites. The hosting company contacted me, asking me to clean or remove certain files, only when I went through the cPanel file manager, there were no files there! :scared: It turns out they had removed permissions after receiving complaints about the sites, only they went too far and removed my permissions too. It was all sorted and they've not been hacked since, however, that particular hosting company disabled all WP logins on and off last year. :mad2:

                          The sites were hacked by international spammers, sites redirected mostly to Russian sites.



                          • #58
                            Re: Post up and share your examples of spam phishing emails messages #scamaware

                            I am Mr. Algoth Cyprian, an Accountant with Lloyds Bank, I am the personal Account Manager to Late Mr. Enevald Helmut.

                            On the 21st of April 2008, Mr. Enevald Helmut (Herein after shall be referred to as my client), his wife and their two children were involved in a car accident in London. Unfortunately they all lost their lives in the event of the accident, since then I have made several inquiries to locate any of my client's extended relatives, this has also proved unsuccessful. After these several Unsuccessful attempts, I decided to trace his relatives over the Internet, to locate any member of His family but of no avail, hence I contacted you to stand as his next of kin.

                            I contacted you to assist in repatriating the money in addition, property left behind by my client before they get Confiscated or declared unserviceable by the bank where this huge deposits were lodged. Particularly, Lloyds Tsb Bank Plc, where the deceased had an account valued at about Six hundred thousand Great British Pounds. Consequently, the bank issued me a notice to provide the Next of Kin or have the account confiscated within the next twenty official working days.

                            Since I have been unsuccessful in locating the relatives for over 2 years now I seek your consent to present you as the next of kin of the deceased based on the fact that you are a foreigner so that the proceeds of this account valued at about six hundred thousand Great British Pounds can be paid to you and then you and I can share the money. 50% to me and 40% to you, while 10% should be for expenses or tax as your government may require. An attorney will be contracted to help re-validate and notarize all the necessary legal documents that can be used to back up any claim we make. All I require is your honest cooperation to enable us sees this deal through. I guarantee that this will be executed under a legitimate arrangement that will protect you from any breach of the law.

                            To enable us discuss further, I would like you to send me the following information so I can open up a next of kin file on your behalf here in the bank.

                            1. Name in full:
                            2. Address:
                            3. Nationality:
                            4. Age/Sex:
                            5. Occupation:
                            6. Direct Phone number:

                            Best regards,
                            Mr. Algoth Cyprian
                            +44-703-196-3049
                            Being a 'foreigner' automatically makes me the deceased's next of kin! msl: msl: msl:

                            I wonder how he found that out... :confused2: :noidea:



                            • #59
                              Re: Post up and share your examples of spam phishing emails messages #scamaware

                              Flaming porrot....... I am soooo tempted to contact them that's in yours..... I love 419ers.... I don't get sent them anymore..... 9 out of ten 419ers are traceable. Because:
                              1. They all use hacked versions of Windows ( could teach my dog to access them remotely )
                              2. They are inherently stupid and are money drunk...
                              3. They generally have no idea how to secure their own systems... I love phone numbers on scam mails..

                              I watched a live hack on one of these last year and it was side-splittingly funny.... A call was made, a loaded email was sent to them, the fools opened the email, access was gained to the camera on the laptop while the guy was on the phone, and access to the router that they were all connecting with.. :tinysmile_aha_t:

                              Shenanigans was the order of the day... After a few days of playing with them, and getting their data... we flashed an MI5 notice across their screens, with their pictures, a Google map of where they were, telling them that operatives were en route.... and watching their faces through their inbuilt webcams was making it hard to get air, we were laughing so much.....
                              crazy council ( as in local council,NELC ) as a member of the public, i don't get mad, i get even



                              • #60
                                Re: Post up and share your examples of spam phishing emails messages #scamaware

                                You have to send me a link to that one, pleeeease
                                Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.
