As of 2016-02-26, there will be no more posts for this blog. s/blog/pba/

The spam folder is always fun to check out. I just got an email from the FBI, which must have been sent from an FBI overseas branch in Greece that resides in some snowboard manufacturing factory, probably a black site:

| From: federal bureau of investigation <testsnowboard.gr>
| Subject: Federal Bureau of Investigation (FBI)

| Federal Bureau of Investigation (FBI)
| Anti-Terrorist And Monitory Crime Division.
| Federal Bureau Of Investigation.
| INTERNATIONAL MONETARY FUNDS
| J.Edgar.Hoover Building Washington Dc
| Customers Service Hours / Monday To Saturday
| Office Hours Monday to Saturday:

Dear Beneficiary,

[snip the standard LOL spam/phishing fantasy content]

DO NOT SEND MONEY TO ANYONE UNTIL YOU READ THIS: The actual fees for
shipping your ATM card is $540 but because UPS have temporarily
discontinued the C.O.D which gives you the chance to pay when package
is delivered for international shipping We had to sign contract with
them for bulk shipping which makes the fees reduce from the actual fee
of $1020 to $540 nothing more and no hidden fees of any sort!

To effect the release of your fund valued at $2.3million Usd you are
advised to contact our correspondent in united state of America (USA)  the delivery officer
MrPeter Pan with the information below,

| Full Name:Mr Peter Pan
| Email: fbiagent.peterpangmail.com
| Telephone: +1 347 298 8756
| You are advised to contact him with the informations as stated below:

| Your full Name..
| Your Address:..............
| Home/Cell Phone:..............
| Occupation:....................
| Preferred Payment Method (ATM / Cashier Check)

Upon receipt of payment the delivery officer will ensure that your
package is sent within 24 working hours. Because we are so sure of
everything we are giving you a 100% money back guarantee if you do not
receive payment/package within the next 24hrs after you have made the
payment for shipping.

Yours sincerely,
Peter Pan

Yup, yep, FBI, IMF, UN, your kind and enthusiastic governments and organizations which can't wait to give you some imaginary money. The entire email conveys standard blah-blah-and-blah spam and phishing content, nothing out of the norm. Occasionally, the terrorist, some unknown law, legal action, bizarre terms, or whatsoever, it's just typically right.

But then, imagine when I read the gentleman's name, who would be receiving a never-to-be-made call from me regarding the money:

Peter Pan

Oh, c'mon! How are you going to phish if you don't take your sh*t seriously, dear phisher? Well, at least, it's Darth Vader or Sauron.

But I did have a good 3-second laugh, thanks, anyway!


Dear Mrs. Louise Howard,

I am honored that you trust me in the faith of God. He has a plan for you and that's the reason you found me; you don't even know my name. In God's hand, you know you don't have doubts about my honesty. With that, I would need to tell you a few things first.

First of all, these days, people don't read; 100 words is probably the limit. Please try to provide a tl;dr next time you are about to meet the Lord again.

We all know how devoted you are as a Christian; however, every time you mention being Christian, a certain disease or cancer, plus your reason for being unable to respond, those greatly diminish the willingness to accept among the possible millions of recipients to whom you have sent emails.

Lastly, you may want to choose the assistant carefully. In this instance, your doctor seems unable to press Space properly, which makes your message harder to read. Please advise your doctor to see another doctor; his or her thumb may need a medical examination. I will pray for your doctor. Hopefully there is nothing serious; I would rather not be entitled as your doctor's beneficiary. It will be very sad if another good person dies after you.

As I said, I am honored. Unfortunately, $12.8 million dollars, either USD or GBP, are not enough for me to manage for you since each recipient, say 1 million recipients, can only receive $12.8 dollars before any taxes and expenses. Times are hard for everyone; if you can die another 999 times, that would be $12.8 billion dollars and $12,800 each would be enough to be used wisely.

Speaking in front of God, there shall be no lies told. I suggest that you keep the money and, excuse me for being utterly honest, start looking for a nice coffin. Even if the others all accept, $12.8 dollars can still buy you a perfectly glued paper coffin with fine painting outside.

Two months are long enough before you step into your grave. I am sure the hospital staff can be very helpful in providing aid in that regard, they have plenty of experience with people such as you.

Do not be deceived: God is not mocked, for whatever one sows, that will he also reap.
Galatians 6:7, ESV

God bless you,
Yu-Jie Lin

title: Where is dat important words in this phishing email, Gmail?

Gmail failed at filtering out a phishing email again, big time:

http://2.bp.blogspot.com/-vc0Cy-Un1kE/T46Ptw-HA2I/AAAAAAAADPo/jdGXoQ-JzXw/s800/2012-04-18--17:52:06.png

Oh, c'mon, its body is empty, where is dat important words? It doesn't even have a subject line, alright, it has. cc, really, Gmail? What, attachment filename, you serious?

Here is a screenshot of that email. Glad that Google Docs provides viewing on the net, so I don't need to download it and worry whether it contains a virus, though Gmail said it has scanned it. But even if it really has a virus, it may need to be specifically designed for attacking Linux.

http://2.bp.blogspot.com/-Kq129iOUp6I/T46Q2Wnc_vI/AAAAAAAADPw/QURLtepYKpI/s800/2012-04-18--17:55:15.png

The ridiculous content is old, but the method, using an attachment, is a little bit new to me. Poor Coca Cola, a victim as well.

1   Archive

1.1   Email headers

Delivered-To: livibettergmail.com
Received: by 10.180.93.101 with SMTP id ct5csp181759wib;
        Wed, 18 Apr 2012 00:01:23 -0700 (PDT)
Received: by 10.236.79.8 with SMTP id h8mr1003624yhe.79.1334732483236;
        Wed, 18 Apr 2012 00:01:23 -0700 (PDT)
Return-Path:
Received: from smtp.mail.wowway.com (smtp.wow.synacor.com. [64.8.70.55])
        by mx.google.com with ESMTP id q25si22785285yhj.122.2012.04.18.00.01.22;
        Wed, 18 Apr 2012 00:01:23 -0700 (PDT)
Received-SPF: neutral (google.com: 64.8.70.55 is neither permitted nor denied by best guess record for domain of dbhubbardwowway.com) client-ip=64.8.70.55;
Authentication-Results: mx.google.com; spf=neutral (google.com: 64.8.70.55 is neither permitted nor denied by best guess record for domain of dbhubbardwowway.com) smtp.mail=dbhubbardwowway.com
Return-Path:
X-Spam-Rating: None
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=1.1 cv=+PD7zhiQh4wHAkX2ildB6Hz7oVUY6cTH2eYUHJ1YceI= c=1 sm=0 a=-4BUNljfCKEA:10 a=FKkrIqjQGGEA:10 a=AhRLOILGsKkA:10 a=gv4l6aEeuxxzeCLns_sA:9 a=K-QaQ4hbBhWg8AMYVz4A:7 a=QEXdDO2ut3YA:10 a=_W_S_7VecoQA:10 a=aIyur2oi7UP9Z7IZqwkA:9 a=IKIoO-ieCDEA:10 a=QLvOlBIuGJjmAZ5IHHaCwQ==:117
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: smtp01.wow.synacor.com smtp.mail=dbhubbardwowway.com; spf=neutral
Received-SPF: neutral (smtp01.wow.synacor.com: 10.10.0.56 is neither permitted nor denied by domain of wowway.com)
Received: from [10.10.0.56] ([10.10.0.56:58781] helo=md02.wow.synacor.com)
 by smtp.mail.wowway.com (envelope-from )
 (ecelerity 2.2.2.40 r(29895/29896)) with ESMTP
 id 07/63-15061-0C66E8F4; Wed, 18 Apr 2012 03:01:20 -0400
Date: Wed, 18 Apr 2012 03:01:20 -0400 (EDT)
From: Roland Mkemoff
Reply-To: claimsgroup222qatar.io
Message-ID: <1725543783.781174.1334732480276.JavaMail.rootmd02.wow.synacor.com>
In-Reply-To: <2128347857.781166.1334732472431.JavaMail.rootmd02.wow.synacor.com>
Subject: cc
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_Part_781172_32382883.1334732480274"
X-Originating-IP: [14.99.23.87]
X-Mailer: Zimbra 6.0.5_GA_2328.RHEL5_64 (ZimbraWebClient - SAF3 (Win)/6.0.15_GA_2995)
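
The archived headers carry signals a filter could have scored: SPF came back neutral, the Reply-To domain differs from the sending domain, and the body is empty with the pitch moved into award.docx. The following Python is an added example, not part of the original post; it checks those three signals on a constructed message whose addresses and boundary are placeholders, and the names `triage` and `domain` are hypothetical.

```python
import email
import re
from email import policy
from email.utils import parseaddr
# Constructed sample shaped like the archived message; every address is a placeholder.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=neutral smtp.mail=sender@isp.example
From: Some Name <sender@isp.example>
Reply-To: claims@other.example
Subject: cc
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain; charset=utf-8

--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="award.docx"
Content-Transfer-Encoding: base64

UEsDBA==
--B--
"""

def domain(value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the list of phishing indicators found in one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    spf = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    if not spf or spf.group(1).lower() != "pass":
        findings.append("spf-not-pass")
    reply_to = domain(msg.get("Reply-To"))
    if reply_to and reply_to != domain(msg.get("From")):
        findings.append("reply-to-mismatch")
    parts = list(msg.walk())
    text = "".join(p.get_content() for p in parts
                   if p.get_content_type() == "text/plain" and not p.is_attachment())
    names = [p.get_filename() for p in parts if p.is_attachment()]
    if names and not text.strip():
        findings.append("empty-body-with-attachment:" + ",".join(n or "?" for n in names))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

None of these indicators is conclusive alone; a filter would weigh them together with content and reputation checks.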

1.2   Text of attachment, award.docx

         This is to inform you that your email address has won prize money of (500,000.00) GBP for been an active web-email user. This Lottery promotion was organized by COCA COLA PLC.

A cheque of 500,000.00 GBP has been issued against your winning email and has been forward to Fair Ways Courier Company for delivery to your country of residence.
You are required to contact us with the details below to claim your winnings

1. Full name:
2. Contact Address:
3. Age:
4. Telephone Number
5. Sex:
6. Occupation:
7. State:
8. Country:
9. Nationality:

Contact: claimsgroup222qatar.io

MR Dave Dawes