I have been receiving bogus emails to sign on to my bank account, so someone can get my userid and password. My bank says these are bogus emails and not to respond to them. I have been receiving them in Mozilla mail. How can I tell where these emails will return to, should I reply or respond to info requested? There has got to be a way to back track. I hope I can get the Linux community to help me to track down the low life crooks. Just think how many people are falling for this scam, it could be your dear little grandmother, BEASTS.
Jim Tate
On Sun March 28 2004 10:01, jim tate wrote:
There has got to be a way to back track.
Look at the headers. All the information is listed there. Read them carefully as they know how to hide the information even though it's right in front of you.
On Sun, 28.03.2004 at 17:01, jim tate wrote:
I have been receiving bogus emails to sign on to my bank account, so someone can get my userid and password. My bank says these are bogus emails and not to respond to them. I have been receiving them in Mozilla mail. How can I tell where these emails will return to, should I reply or respond to info requested? There has got to be a way to back track. I hope I can get the Linux community to help me to track down the low life crooks. Just think how many people are falling for this scam, it could be your dear little grandmother, BEASTS.
Jim Tate
Have a look at the mail in plain format (I am not familiar with if and how Mozilla mail can do that). Normally those fake mails are in HTML and you need to look at them in raw format to see the HTML tags, to where they direct. I sometimes get faked eBay mails and inspecting the HTML code you can see that the URI links do not direct to eBay but Russian or Romanian hosts.
You should also have a look at the full email header. There you can follow the path the email took through the different mailservers.
Alexander
Alexander Dalloz wrote:
Have a look at the mail in plain format (I am not familiar with if and how Mozilla mail can do that). Normally those fake mails are in HTML and you need to look at them in raw format to see the HTML tags, to where they direct. I sometimes get faked eBay mails and inspecting the HTML code you can see that the URI links do not direct to eBay but Russian or Romanian hosts.
You should also have a look at the full email header. There you can follow the path the email took through the different mailservers.
Alexander
To see the raw e-mail message on Mozilla, go to the "View" menu, "Message body as" and choose "plain text". This will give you all the headers, unformatted HTML code, etc. If there are links in the message, see if they point to IP addresses. Send the message source to your bank, so they can give this information to the police so they can track down these criminals.
-- Pedro Macedo
On Sun, 2004-03-28 at 10:34, Pedro Fernandes Macedo wrote:
To see the raw e-mail message on Mozilla, go to the "View" menu, "Message body as" and choose "plain text". This will give you all the headers, unformatted HTML code, etc. If there are links in the message, see if they point to IP addresses. Send the message source to your bank, so they can give this information to the police so they can track down these criminals.
-- Pedro Macedo
Now that you are in the source, you can see which "open relay" the spammer originated from. Unfortunately there really isn't too much any one person can do about it. You could try to contact {postmaster,abuse,root}@originating.server.tld
That is; send an email to postmaster@spammer.com, abuse@spammer.com, ... and tell them to lock down their mail machine. Hopefully one of them will get through and the owner will oblige.
Best of luck, but I wouldn't hold my breath. Yes that is rather pessimistic, but also realistic.
Chris
Pedro Fernandes Macedo wrote:
To see the raw e-mail message on Mozilla, go to the "View" menu, "Message body as" and choose "plain text". This will give you all the headers, unformatted HTML code, etc. If there are links in the message, see if they point to IP addresses. Send the message source to your bank, so they can give this information to the police so they can track down these criminals.
-- Pedro Macedo
My Moz 1.6 behaves differently than described above.
To view the message as plain text, use the instructions given above, but this will not display headers, html source code, etc. (View -> Message body as -> plain text)
To see the *source* (HTML code, URLs etc.), I carry out these instructions:
View -> Message Source
on the open email message. This will then allow an inspection of the mailto's and links.
Clint wrote:
My Moz 1.6 behaves differently than described above.
To view the message as plain text, use the instructions given above, but this will not display headers, html source code, etc. (View -> Message body as -> plain text)
To see the *source* (HTML code, URLs etc.), I carry out these instructions:
View -> Message Source
on the open email message. This will then allow an inspection of the mailto's and links.
Oops.. my bad.. I didn't remember the "message source" option in the view menu...
-- Pedro Macedo
On Sun, 2004-03-28 at 23:34, Pedro Fernandes Macedo wrote:
Alexander Dalloz wrote:
Have a look at the mail in plain format (I am not familiar with if and how Mozilla mail can do that). Normally those fake mails are in HTML and you need to look at them in raw format to see the HTML tags, to where they direct. I sometimes get faked eBay mails and inspecting the HTML code you can see that the URI links do not direct to eBay but Russian or Romanian hosts.
You should also have a look at the full email header. There you can follow the path the email took through the different mailservers.
Alexander
To see the raw e-mail message on Mozilla, go to the "View" menu, "Message body as" and choose "plain text". This will give you all the headers, unformatted HTML code, etc. If there are links in the message, see if they point to IP addresses. Send the message source to your bank, so they can give this information to the police so they can track down these criminals.
-- Pedro Macedo
Once you have the plain text with headers, print it and give it to your bank officer. What those guys are doing is a federal crime, and the FBI/CIA should be hunting them down like the dogs they are.
On Sun, 28 Mar 2004 10:01:35 -0500 jim tate mickeyboa@comcast.net wrote:
I have been receiving bogus emails to sign on to my bank account, so someone can get my userid and password. My bank says these are bogus emails and not to respond to them. I have been receiving them in Mozilla mail. How can I tell where these emails will return to, should I reply or respond to info requested?
Look at the headers (go to "View...Headers...All" in Mozilla). The last "Received:" header will tell you the originating system. Here's a typical spam on my system:
Received: from ms-smtp-03.rdc-kc.rr.com (ms-smtp-03.rdc-kc.rr.com [24.94.166.129])
    by amayatra.os2.dhs.org (8.12.11/8.12.8) with ESMTP id i2PFLA1s030205
    for john@os2.dhs.org; Thu, 25 Mar 2004 09:21:10 -0600 (CST)
    (envelope-from vxxcek@jcpenney.com)
Received: from ms-mss-01 ([10.15.8.21])
    by ms-smtp-03.rdc-kc.rr.com (8.12.10/8.12.7) with ESMTP id i2OB7dtq019845
    for john@os2.dhs.org; Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from ms-mta-01 (ms-mta-01-smtp [10.15.8.71])
    by ms-mss-01.rdc-kc.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
    with ESMTP id 0HV2007VRUWRZB@ms-mss-01.rdc-kc.rr.com
    for john@os2.dhs.org (ORCPT johnthompson@new.rr.com); Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from kcmx03.mgw.rr.com (kcmx03.mgw.rr.com [24.94.165.192])
    by ms-mta-01.rdc-kc.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
    with ESMTP id 0HV2002HAUWRCP@ms-mta-01.rdc-kc.rr.com
    for johnthompson@new.rr.com (ORCPT johnthompson@new.rr.com); Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from 218-162-16-57.HINET-IP.hinet.net ([218.162.16.57])
    by kcmx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i2OB7XUp029336
    for johnthompson@new.rr.com; Wed, 24 Mar 2004 06:07:35 -0500 (EST)
Date: Wed, 24 Mar 2004 16:06:56 +0500
From: Jeffry Price vxxcek@jcpenney.com
Subject: Fwd: Get Any Pills. Our Doctors Write Prescriptions. Overnight FedEx. Secure. Discreet
To: johnthompson@new.rr.com
The last Received: header shows that the email came from "218-162-16-57.HINET-IP.hinet.net" (IP address 218.162.16.57). Feed this IP address into "whois" to find out who is responsible for this spam:
[john@starfleet john]$ whois 218.162.16.57
[Querying whois.apnic.net]
[Redirected to whois.twnic.net]
[Querying whois.twnic.net]
[whois.twnic.net]
Chunghwa Telecom Data communication Business Group
No.21, Hsin-Yi Rd., sec. 1
Taipei TW
Netname: HINET-NET
Netblock: 218.162.0.0/15
Administrator contact:
    Chung Yung Kang (CYK-TW) cykang@ms1.hinet.net
    +886-2-2322-3442
Technical contact:
    Chung Yung Kang (CYK-TW) cykang@ms1.hinet.net
    +886-2-2322-3442
You can complain to the contacts listed, but I don't recommend trusting them. In many cases this will simply confirm your address as "live" and put you on more spam lists. Alternatively, you can forward the entire spam (all headers included) to your ISP, your bank, and the federal government's spam report address: uce@ftc.gov
Unless there's obvious fraud involved, I just use the information to feed my spam filter so the next one gets dumped before it hits my Inbox.
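Added example, not part of the original thread: a Python sketch of the header walk described in the message above. It reads the Received lines from the top and stops at the first hop where the recipient's own mail servers accepted the message from an outside address, so anything the sender wrote below that point is ignored. The TRUSTED suffixes and the last (forged) hop are assumptions constructed for illustration; the other hops are abridged from the sample above.

```python
import email
import ipaddress
import re

# Three hops abridged from the sample spam above, plus one constructed forged
# hop at the bottom (yourbank.example / 192.0.2.10 are placeholders).
RAW = """\
Received: from ms-smtp-03.rdc-kc.rr.com (ms-smtp-03.rdc-kc.rr.com [24.94.166.129])
    by amayatra.os2.dhs.org (8.12.11/8.12.8) with ESMTP id i2PFLA1s030205
    for john@os2.dhs.org; Thu, 25 Mar 2004 09:21:10 -0600 (CST)
Received: from ms-mss-01 ([10.15.8.21])
    by ms-smtp-03.rdc-kc.rr.com (8.12.10/8.12.7) with ESMTP id i2OB7dtq019845
    for john@os2.dhs.org; Wed, 24 Mar 2004 05:07:39 -0600 (CST)
Received: from 218-162-16-57.HINET-IP.hinet.net ([218.162.16.57])
    by kcmx03.mgw.rr.com (8.12.10/8.12.8) with SMTP id i2OB7XUp029336
    for johnthompson@new.rr.com; Wed, 24 Mar 2004 06:07:35 -0500 (EST)
Received: from mail.yourbank.example ([192.0.2.10]) by relay.yourbank.example;
    Wed, 24 Mar 2004 06:00:00 -0500
Subject: sample

"""

# "from HELO (rDNS [ip]) by HOST": the bracketed IP is written by the receiver.
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+([^\s;]+)")
TRUSTED = (".os2.dhs.org", ".rr.com")  # assumption: the recipient's own mail path

def hops(raw):
    """Received hops, newest first: (helo, rdns, peer_ip, receiving_host)."""
    values = email.message_from_string(raw).get_all("Received", [])
    return [m.groups() for m in map(HOP.search, values) if m]

def trusted_name(host):
    return bool(host) and ("." + host.lower()).endswith(TRUSTED)

def external_handoff(raw):
    """Return (helo, peer_ip, receiving_host) for the first outside peer, or None."""
    for helo, rdns, ip, by in hops(raw):
        if not trusted_name(by):
            return None  # left the trusted path without finding a handoff
        # rDNS can be spoofed too; a stricter check lists the relays' IP ranges.
        if ipaddress.ip_address(ip).is_private or trusted_name(rdns):
            continue     # relay inside the recipient's own mail path
        return helo, ip, by
    return None
```

The returned peer IP is the one to pass to whois; the HELO name next to it is whatever the sending machine claimed.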
On Sunday 28 March 2004 09:01, jim tate wrote:
I have been receiving bogus emails to sign on to my bank account, so someone can get my userid and password. My bank says these are bogus emails and not to respond to them. I have been receiving them in Mozilla mail. How can I tell where these emails will return to, should I reply or respond to info requested? There has got to be a way to back track. I hope I can get the Linux community to help me to track down the low life crooks. Just think how many people are falling for this scam, it could be your dear little grandmother, BEASTS.
Jim Tate
It's almost certain that the originating source of the e-mail has been broken into and hijacked from its rightful owner and he/she probably doesn't even know his/her system has sent out any email. It would be a pretty stupid crook, indeed, that would use a traceable mail server to send this stuff out.
Use "whois" to find out who owns the originating mail server and alert the owner, also alert the web page host, and both up stream service providers.
Regards, Mike Klinke
As others have pointed out you can retrace the path of the message through the Received lines in the message header. This type of scam requires the use of a URL. The message body is HTML and the text associated with the URL appears to be the URL of your bank. However, if you copy the link location or examine the raw HTML code (just open your mail file in a text editor) you'll see that the actual URL is an IP address. The owner of this IP network (you can look it up) is associated in some way with the scam. Usually, these will be offshore IP networks.
Ron
jim tate wrote:
I have been receiving bogus emails to sign on to my bank account, so someone can get my userid and password. My bank says these are bogus emails and not to respond to them. I have been receiving them in Mozilla mail. How can I tell where these emails will return to, should I reply or respond to info requested? There has got to be a way to back track. I hope I can get the Linux community to help me to track down the low life crooks. Just think how many people are falling for this scam, it could be your dear little grandmother, BEASTS.
Jim Tate
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list