As of 2016-02-26, there will be no more posts for this blog. s/blog/pba/
Showing posts with label phishing email. Show all posts

I received this LOL email:
Delivered-To: livibetter@gmail.com
Received: by 10.180.93.101 with SMTP id ct5csp139659wib;
        Tue, 10 Apr 2012 01:26:35 -0700 (PDT)
Received: by 10.204.141.25 with SMTP id k25mr4094241bku.72.1334046395436;
        Tue, 10 Apr 2012 01:26:35 -0700 (PDT)
Return-Path: 
Received: from ispm.sl.ru ([91.218.10.209])
        by mx.google.com with ESMTPS id zw9si11860501bkb.48.2012.04.10.01.26.35
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 10 Apr 2012 01:26:35 -0700 (PDT)
Received-SPF: neutral (google.com: 91.218.10.209 is neither permitted nor denied by best guess record for domain of apache@ispm.sl.ru) client-ip=91.218.10.209;
Authentication-Results: mx.google.com; spf=neutral (google.com: 91.218.10.209 is neither permitted nor denied by best guess record for domain of apache@ispm.sl.ru) smtp.mail=apache@ispm.sl.ru
Received: from apache by ispm.sl.ru with local (Exim 4.69)
 (envelope-from )
 id 1SHWJs-0002f7-V9
 for livibetter@gmail.com; Tue, 10 Apr 2012 12:20:56 +0400
To: livibetter@gmail.com
Subject: Compliments
Date: Tue, 10 Apr 2012 12:20:56 +0400
From: Wanis Al-qaddafi 
Reply-To: wanisalqaddafi@gmail.com
Message-ID: 
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.sourceforge.net) [version ]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="iso-8859-1"
Sender: Apache 

Dear Sir,
 
I am an Aid to late Muammar Gaddafi's Intelligence Chief, Abdullah Al-Senussi who is in detention 
after he was arrested at Nouakchott airport Mauritania. The Libyan prosecutor general has sent an 
extradition request to the Mauritanian government through Interpol for him to return home for fair trial 
in Libya. As regards to this, he has asked me to move some of his funds to an offshore account hence 
my contact with you. I want to solicit your attention to receive funds on his behalf considering your 
experience in implementing corporate solution and vast years of business intelligence and because 
my status would not permit me to do this alone putting into consideration the currents events in Libya. 
If you are interested to help us on this transaction, be aware that you will be well compensated. 
Let me know if you can help us so i can discuss among other things the security and procedures to 
move the fund to you as soon as possible.

Awaiting your reply
 
Thanks

Wanis Al-Quaddafi
Notice the From field? "libya.state.gov," that is such a joke. It was actually sent from Russia and it didn't get into Spam folder in Gmail. I have received a few spams this week, which didn't get put into Spam folder.

It said "late" and Libyan prosecutor general wants to prosecute a dead body? Well, that guy is still alive and this is last month's news. Proof-reading your phishing email, idiot! Don't just copy your old template.

I can't find Wanis Al-Quaddafi, but I do find Wanis al-Qaddafi, who has died for nearly three decades. You really need to make up a better fake name.

Did anyone even fall for such brainlessly written email? I don't think so.

I am 100% sure this is a phishing email:

Delivered-To: livibetter@gmail.com
Received: by 10.180.93.101 with SMTP id ct5csp55673wib;
        Mon, 2 Apr 2012 05:21:52 -0700 (PDT)
Received: by 10.204.154.28 with SMTP id m28mr3395729bkw.102.1333369312770;
        Mon, 02 Apr 2012 05:21:52 -0700 (PDT)
Return-Path: <zaharchenko-dl@mytrinity.com.ua>
Received: from mail.mytrinity.com.ua (mail.mytrinity.com.ua. [193.46.210.13])
        by mx.google.com with SMTP id m12si9866336bke.54.2012.04.02.05.21.52;
        Mon, 02 Apr 2012 05:21:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of zaharchenko-dl@mytrinity.com.ua designates 193.46.210.13 as permitted sender) client-ip=193.46.210.13;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of zaharchenko-dl@mytrinity.com.ua designates 193.46.210.13 as permitted sender) smtp.mail=zaharchenko-dl@mytrinity.com.ua
Received: (qmail 20697 invoked by uid 507); 2 Apr 2012 12:24:48 -0000
Received: from pppoe.178-209-88-189.m-nas12.mytrinity.com.ua (HELO microsof-3d23a2) (zaharchenko-dl@mytrinity.com.ua@178.209.88.189)
  by azovline.net.ua with SMTP; 2 Apr 2012 12:24:48 -0000
From: "Dmitry" <zaharchenko-dl@mytrinity.com.ua> 
To: "livibetter@gmail.com" <livibetter@gmail.com>
Date: Mon, 02 Apr 2012 15:18:11 +0300
Subject: Stamps
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: quoted-printable
X-Mailer: aspNetEmail ver 3.6.0.77
Message-ID: <MICROSOF-3D23A2729a3bd99bc941e7b115c64fc377066b@microsof-3d23a2>

Good afternoon=2E My name is Zaharchenko Dmitry=2E I live in Ukraine=2E I=
 collect stamps from every corner of the globe=2E This hobby Has passed t=
o me from the father and now I want that then my small son was fond of it=
 also=2E In internet I find much Information on stamps and collectors, I =
strike up with them acquaintances and I change stamps=2E In the same plac=
e I have found also your E-mail=2E I would like you to ask, if to you it =
is not difficult, to send to me for collection replenishment any stamps w=
hich you presume to send by post=2E I hope for an early reply and your re=
sponsiveness=2E=0D=0A   With best regards=0D=0A  Zaharchenko Dmitry=2E=0D=
=0A=0D=0AMy postal address:=0D=0Apr=2EM=2EZhukova 88-61 =0D=0AMariupol=0D=
=0AUkraine=0D=0A87503=0D=0ADmitry Zakharchenko=0D=0A

And I found someone use the exactly same sentence but different name:


They are so dumb, can't even make a record where they scraped my email address, so they can include the source to increase their phishing credibility from somewhere like -99^99 to -99^99 + 1.

Stamp collecting? LOL. And never a once ask me where I am from, really, go read "Phishing 101" or "Phishing for Dummies", or "Teach Yourself Phishing in 7 days."

Don't waste our time, loser.

PS. Zaharchenko Dmitry, I will give you a discount for those books, send me 50 bucks in USD via Paypal, I will send you those three books to your mailing address, S/H included, custom not. Whatcha say?


This spam email really crapped me up.

Firstly, it is "TOP SECRET." At first, it got me excited and I thought: now comes with the CIA? Black-ops? What a such disappointment, it wasn't. Just another stupid spam about a lot of imaginary money.

Then, I noticed the location. It's a long word, you have to notice. Ouagadougou? Where the hell is that? Or is that even spoken in African languages? Heck, I need to check Wikipedia in order to find its location and which country it belongs to. Burkina Faso, where is that again?

Come on, spammers, give me dat instructions for meeting the secret handler, so I can exchange the package! And please pick up a city whose name I can pronounce, thanks!


Big LOL!

I always clean up my spam box and sometimes I did have a good laugh. This kind is new to me.

Well, at least, it's not as if I am going to have another imaginary million dollars from some widow or widower writing me from a place I have never heard before without my email address in To field.

I checked the original mail and saw that's linked to Google Docs Spreadsheet. I felt safe, so I copied the link and opened it, but Google said "Page Not Found" (as you can see in the third tab). Only 42 minutes (I believe it's quick), it has been taken down, I guess.

you are to carefully fill in your email account details.

Especially, my PASSWORD, right?