No Way to Spam - Search Tool

Sunday, July 22, 2007

Is Google a Spammer?

NO, it is not, of course. But, why not block those spammers who are using this great company's services to ripe-off other people?

I am providing these details about the following scam I have received right now (on 23, July 2007; 08:06):

Return-Path: (this is a forwarded from gmail address)
Received: (qmail 15633 invoked from network); 18 Jul 2007 02:53:30 -0000
Received-SPF: neutral (IP address here, is neither permitted nor denied by SPF record at _spf.google.com)
Received: from my ISP but the following IP is not theirs ([209.85.146.179])
Received: from wa-out-1112.google.com ([209.85.146.179])
Received: by wa-out-1112.google.com with SMTP id v27so55267wah

Received: by 10.114.152.17 with SMTP id z17mr1016653wad.1184727202590; Tue, 17 Jul 2007 19:53:22 -0700 (PDT)

X-Forwarded-To: my email address X-Forwarded-For: my gmail address and my email address again here.
Delivered-to: my gmail address
Received: by 10.114.152.4 with SMTP id z4cs553993wad; Tue, 17 Jul 2007 19:53:20 -0700 (PDT)
Received: by 10.35.86.12 with SMTP id o12mr1789865pyl.1184727200449; Tue, 17 Jul 2007 19:53:20 -0700 (PDT)

Return-Path: nobody at server14.01domain.net
Received: from server14.01domain.net (server14.01domain.net [65.38.180.8]) by mx.google.com with ESMTP id i5si98470nzi.2007.07.17.19.53.18; Tue, 17 Jul 2007 19:53:20 -0700 (PDT)

Received-SPF: pass (google.com: best guess record for domain of nobody at server14.01domain.net designates 65.38.180.8 as permitted sender)
Received: from nobody by server14.01domain.net with local (Exim 4.66) (envelope-from nobody at server14.01domain.net) id 1IAzhd-0006jL-3m for my gmail address; Tue, 17 Jul 2007 20:55:50 -0600
To: gmail address

Subject: Please Restore Your Account Access
From: service at paypal.
com service at paypal. com
Reply-To: billingsade at paypal. com
Message-Id: E1IAzhd-0006jL-3m at server14.01domain. net
Sender: Nobody nobody at server14.01domain. net
Date: Tue, 17 Jul 2007 20:55:49 -0600

... And they speak about ABUSE in the following:

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - server14.01domain. net

X-AntiAbuse: Original Domain - gmail. com

X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]

X-AntiAbuse: Sender Address Domain - server14.01domain. net

X-Scrubber-List: not listed
X-Scrubber-ClamAV: clean
X-Scrubber-VpopQuota: space available
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

The PayPal's image goes and redirects to this URL:
a target="_blank" _ _ _ _ href="http : // www . acapulco. ch/news/paypal.php" > (img src="http : // images . paypal . com/en_US/i/logo/email_logo.gif" border=0 alt=PayPal)

The Message Says:

Update Your Information
It has came to our attention that your PayPal billing information are out of date. This require you to update your billing information as soon as possible.

This billing update is also a new PayPal security statement which goes according to the established norms on our terms of service (TOS) to reduce the instance of fraud on our website.Please update your records .

A failure to update your records may result on a suspension of your account.

To update your PayPal records click on the following link:
http : // www. paypal . com/us/ (this is a text link redirected to http : // www . acapulco . ch/news/paypal.php

This new security statement will helps us continue to offer PayPal as a secure and cost-effective payment service. We appreciate your cooperation and assistance.

Sincerely,
The PayPal Team

A column at the top right of the message says:


Protect Your Account Info
Make sure you never provide your password to fraudulent websites.
PayPal will never ask you to enter your password in an email.
For more information on protecting yourself from fraud, please review our Security Tips at https : // www. paypal .com/us/securitytips (not clickable)
Protect Your Password
You should never give your PayPal password to anyone, including PayPal employees.

The message bottom says:

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistance, login (redirected to acapulco . ch/) to your PayPal account and choose the Help link located in the top right corner of any PayPal page.
PayPal Email ID PP295

What do those scammers want?

See more spamming IPs at http://www.ezine-act-politics-business-and-love.com/IP-address.html

Saturday, July 14, 2007

Picasa Phishing Email Spam

I checked the IP addresses this email spam dropped in from and found to my surprise that one of them belongs to Google.

Here are the details:

Return-Path: picasawebalbums-noreply at google.com
Received: (qmail 21195 invoked from network); 14 Jul 2007 10:50:53 -0000
Received: from (My ISP.......) ([64.233.162.182])
Received: from nz-out-1112.google.com ([64.233.162.182])
Received: by nz-out-1112.google.com with SMTP id l56so7722335nzh
Message-ID:
Date: Sat, 14 Jul 2007 03:50:45 -0700 (PDT)
From: Picasa Web Albums
Reply-To: ATM PAYMENT
Subject: ATM CARD PAYMENT FOR FUND BENEFICIARIES

The message body says all in caps:

View Picasa's Gallery (Text link aims at http://picasaweb dot google.com/picasateam)
Message from ATM PAYMENT:
ATM CARD PAYMENT FOR FUND BENEFICIARIES
OFFICE OF THE DIRECTOR OF OPERATIONS
INTERNATIONAL CREDIT SETTLEMENT
CENTRAL BANK OF NIGERIA.

ATTENTION BENEFICIARY:

THIS IS TO OFFICIALY INFORM YOU THAT WE HAVE VERIFIED YOUR CONTRACT /INHERITANCE FILE AND FOUND OUT THAT WHY YOU HAVE NOT RECEIVED YOUR PAYMENT IS BECAUSE YOU HAVE NOT FUFILLED THE OBLIGATIONS GIVEN TO YOU IN RESPECT OF YOUR CONTRACT / INHERITANCE PAYMENT.

SECONDLY WE HAVE BEEN INFORMED THAT YOU ARE STILL DEALING WITH THE NONE OFFICIALS IN THE BANK ALL IN YOUR ATTEMPT TO SECURE THE RELEASE OF THE FUND TO YOU. WE WISH TO ADVIVE YOU THAT SUCH AN ILEGAL ACT LIKE THIS HAVE TO STOP IF YOU WISHES TO RECEIVE YOUR PAYMENT SINCE WE HAVE DECIDED TO BRING A SOLUTION TO YOUR PROBLEM. RIGHT NOW WE HAVE ARRANGED YOUR PAYMENT THROUGH OUR SWIFT CARD PAYMENT CENTER ASIA PACIFIC, THAT IS THE LATEST INSTRUCTION BY THE PRESIDENT UMARU MUSA YAR'RADUA (GCFR) FEDERAL REPUBLIC OF NIGERIA.

THIS CARD CENTER WILL SEND YOU AN ATM CARD WHICH YOU WILL USE TO WITHDRAW YOUR MONEY IN ANY ATM MACHINE IN ANY PART OF THE WORLD, BUT THE MAXIMUM IS TWO THOUSAND DOLLARS PER DAY, SO IF YOU LIKE TO RECIEVE YOUR FUND THIS WAY PLEASE LET US KNOW BY CONTACTING THE CARD PAYMENT CENTER AND ALSO SEND THE FOLLOWING INFORMATION:

1.YOUR FULL NAME
2. PHONE AND FAX NUMBER,
3. ADDRESS WERE YOU WANT THEM TO SEND THE ATM CARD TO(P.O BOX NOT ACCEPTABLE)
4. YOUR AGE AND CURRENT OCCUPATION
5. A COPY OF YOUR IDENTITY

CONTACT PERSON:

DR.PATRICK AZZIZA
INTEGRATED PAYMENT DEPARTMENT
TEL:+234-80-34865543
EMAIL: (atmpayment_office811 at yahoo.com)

THE ATM CARD PAYMENT CENTER HAS BEEN MANDATED TO ISSUE OUT $8,300,000.00 AS PART PAYMENT FOR THIS FISCAL YEAR 2006. ALSO FOR YOUR INFORMATION YOU HAVE TO STOP ANY FURTHER COMMINUCATION WITH ANY OTHER PERSON(S) OR OFFICE(s). THIS IS TO AVOID ANY HITCHES IN FINALIZING YOUR PAYMENT.

EMAIL BACK AS SOON AS YOU RECEIVE THIS IMPORTANT MESSAGE FOR FURTHER DIRECTION IN THIS REGARDS AND ALSO UPDATE ME ON ANY DEVLOPMENT FROM THE ABOVE MENTIONED OFFICE.

NOTE: THAT BECAUSE OF IMPOSTORS, WE HEREBY ISSUED YOU OUR CODE OF CONDUCT, WHICH IS (811) SO YOU HAVE TO INDICATE THIS CODE WHEN CONTACTING THE CARD CENTER.

(MR. SADIQ ALMAN)
CHIEF AUDITOR TO THE PRESIDENT
FEDERAL REPUBLIC OF NIGERIA
ATM CARD PAYMENT FOR FUND BENEFICIARIES
If you are having problems viewing this email, copy and paste the following into your browser:
http://picasaweb dot google dot com/picasateam
To share your photos or receive notification when your friends share photos, get your own free Picasa Web Albums account (Text link aims at http://picasaweb dot google.com/).

This is an example of those spammers who are using well known companies to spam people.

Blogger
http://www.ezine-act-politics-business-and-love.com/IP-address.html

Monday, July 09, 2007

Phishing Kia Motors UK Limited Email

The Phishing email spam uses Kia Motors UK Limited name and starts with their address:

Kia Motors UK Limited
PO Box 464
Stockport
SK3 0WU

It says:

KIA MOTORS CAR / CASH AWARD PRIZE NOTIFICATION.

This is to inform you that you have been selected for a cash prize of £470,000.00 (Four Hundred and Seventy Thousand Pounds) and a brand new KIA Picanto from the International online programs held on the 25th of May 2007 in London the United Kingdom.

The selection process was carried out through random selection in our computerized Email selection system (ESS) from a database of over 250,000 email addresses drawn from all the continents of the world The KIA MOTORS Promotional Lottery is approved by the British Gaming Board and Also Licensed by the International Association of Gaming Regulators (IAGR).

This lottery is the 1st of its kind and we intend to sensitize the public as we are using it to promote the sales of our range of vehicles.

To begin the processing of your prize you are to contact the remittance department with the emails address provided below through our accredited Prize Transfer agents as stated below:

Trevor Churchill
Kia Motors UK Limited
19 Ul,Essex ,PE9 2YP ,
London United Kingdom.
E-mail: t.churchill101 at hotmail.co.uk
Tel: +44 704 572 5308

Contact him with your secret pin code KIA/000/000000 and your reference number TYT: 00000000/000. You are also advised to provide him with the under listed information as soon as possible:

Claims Requirements:

Claims Requirements:

1. FULL LEGAL NAMES : --------------------------
2. ADDRESS OF RESIDENCE: ----------------------
3. SEX : ---------------------------------------------
4. NATIONALITY : ---------------------------------
5. MARITAL STATUS : -----------------------------
6. AGE : ---------------------------------------------
7.NEXT OF KIN : ------------------------------------
8. OCCUPATION : -----------------------------------
9. PHONE / FAX : ------------------------------------
10. CURRENT OCCUPATION : -----------------------

Congratulations once again !

With Best Regards
Mr. Dominic Gerard
Lottery Manager.

This message and attachments are subject to a disclaimer. Please refer to www . it . up . ac . za/documentation/governance/disclaimer/ for full details.

/ Hierdie boodskap en aanhangsels is aan 'n vrywaringsklousule onderhewig. Volledige besonderhede is bywww . it . up . ac . za/documentation/governance/disclaimer/ beskikbaar.

Anti Spam Followers! Say NO to Spam! Join the NO!

Fujitsu Computer Systems Corporation

Bookmarks

Add to Netvibes StumbleUpon Stumbleupon It AddThis Social Bookmark Button
Add2Netvouz

Feeds