Tuesday, July 13, 2010

Job offer or Learning Jakarta


We have already reviewed a couple of email offers from so-called local businesses and from Nigeria. Below is one more example. This time our "friend" writes from Asia. Here is the message that we got.



First, never click any links sent to you by unknown people! In 99.9% of cases there will be a computer virus that silently installs software that leaves your computer wide open to strangers. The results can be very sad - your personal info stolen: SSN, bank accounts, names, addresses, etc. This info can be used to steal money from your accounts or to open new loans that you will never know about until you realize that you have to pay for something you never bought. And you will be unable to prevent that once your personal info is spread widely over the Internet. Sometimes people are very naive and provide their own info for free to whoever wants to get it. There are many TV and radio programs, Internet web sites, newspapers and magazines showing and telling how to prevent that, but... People never learn. In this particular case the author of this email message simply wants you to enter your personal info! How simple that is! Will you do that?

Let's skip this incredible salary of 300-500 per month and tons of promises and dig deeper using the trick that we have already described here. Below is what we got from this email message.

Return-Path: <kekechi06@yahoo.com>
Delivery-Date: Sat, 10 Jul 2010 09:24:54 -0400
Received: from web57001.mail.re3.yahoo.com (web57001.mail.re3.yahoo.com [66.196.97.105]) by mx.perfora.net (node=mxus1) with ESMTP (Nemesis) id 0M56CE-1PJU8u0kwQ-00yZa1 for <support@pcyoutrust.com>; Sat, 10 Jul 2010 09:24:54 -0400
Received: (qmail 23789 invoked by uid 60001); 10 Jul 2010 13:24:53 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1278768293;
 bh=y1i6YO1rfD3LTTGKvV6JDPEt7Q+/oMiLyiLu5N38iPo=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=...
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=hJH21...
Message-ID: <585823.23227.qm@web57001.mail.re3.yahoo.com>
X-YMail-OSG: o5WJFa0VM1lnyOfh57jKYJCRyQNZetJe5Wr2Vdbfrd0wRKG
 8xHpIZdZx8VULVj_3IyFpyvThvQ1U9xnt7nDUTzzKpjJ0pP1gR2dgGEU79yX
 nwIFDCsg80z9lKP.jXkAJrRsm8382D7S.INEckmKOjXthMvYoNSJdVGPrvTa
 PWbZalJn2DsR5HmxFFdGIfdWvGKH0t5stOoJZZD6j9lLFAo796ro8fyhdLwX
 aa8Rnrlixc7ehbDHhDtsJ4KQEyu8delM9S9g0vbh_vDTg8alMaOqgGv997AN
 oc.9YPOZDSqiCVXx522OV.yKobak-
Received: from [125.166.239.228] by web57001.mail.re3.yahoo.com via HTTP; Sat, 10 Jul 2010 06:24:53 PDT
X-Mailer: YahooMailRC/300.3 YahooMailWebService/0.8.104.276605
Date: Sat, 10 Jul 2010 06:24:53 -0700 (PDT)
From: kyanna williams <kekechi06@yahoo.com>
Subject: re: phoenix
To: support@pcyoutrust.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1653735271-1278768293=:23227"
Envelope-To: support@pcyoutrust.com

We skip all the details and go straight to the IP address this message was sent from. As we have written before, there are many free Internet services for finding the sender. Let's use this one and get some info from it. Here we go.



Take a closer look at the comment:

Comment:    ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment:    for the Asia Pacific region. APNIC does not operate networks
Comment:    using this IP address range and is not able to investigate
Comment:    spam or abuse reports relating to these addresses. For more
Comment:    help, refer to http://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming

It's very important to know that even if this IP address is not registered at the web site that we tried, there are still ways to find it. Here is the quote from this link:



As we can see each region has its own web site:

  • AfriNIC (Africa),
  • ARIN (North America),
  • APNIC (Asia Pacific),
  • LACNIC (Southern and Central America and the Caribbean), and
  • RIPE NCC (Europe and the Middle East).

APNIC has different laws and regulations. Here is another quote.



This region is really huge and it's divided into several parts.



Each part has its own center and if you really want you can contact these databases.
 


| NIR | Nation | Whois Database |
|---|---|---|
| APJII | Indonesia | Refer to APNIC Whois Database |
| CNNIC | China | Refer to APNIC Whois Database |
| JPNIC | Japan | http://whois.nic.ad.jp/cgi-bin/whois_gw |
| KRNIC/NIDA* | Korea | http://whois.nic.or.kr/english/ |
| TWNIC | Taiwan | http://www.twnic.net/index2.php |
| VNNIC | Vietnam | Refer to APNIC Whois Database |


Let's return to our original message. Here is the link to find the IP address this message came from. The report is relatively long since 5 records were found for our IP address. Here is the report.



As you can see, all these addresses are located in Indonesia and have nothing to do with the local business. There are so many questions that we can ask about this business and this particular offer. The first question could easily be - are they unable to find somebody local to work with? The second question that we could ask is - how do these people work with "Google, Facebook, Myspace, Amazon, eBay, and Yahoo" while living in Indonesia? The most obvious answer is - they never worked with these companies, they are just using their names to trick the people receiving their messages. Usually, if people see the names of well-known companies, they at least don't delete the message right away and read a little more. So these names are used to get your attention. It's not important what's inside these messages. All that was done just to get your personal info. One possible approach: they tell you that they sent you a check in the mail, but you didn't receive it. So why don't you provide them your personal info and bank account to make a direct transfer? As a result, you will probably lose everything including your identity. Do you really want that? Absolutely not! These people want to get your personal information using any trick. So don't be wide open and never provide anything, whatever they ask for!

Good luck!

A job offer from a local business?

Have you ever received a strange offer from some local business? Say, what should your reaction be if you receive an email message like this? The first possible thought could be "What kind of guy is this if he has a personal attorney taking care of his house?" Right?



At first glance, this guy looks very rich, although his email message has several typos and grammar mistakes. If he is on a business trip, and his personal attorney takes care of his house, then his email message should be at least a little more realistic and at most a very skilled secretary should send it to you. The question is "why was it sent to you, and not to anybody else?" Is this person able to hire an IT person as permanent staff, a member of his team, to at least keep the personal secrets that he keeps on his computer away from strangers? But let's skip this and other questions like it for now. Let's keep playing with this person to better understand what exactly he wants, keeping in mind that this person is really somebody else. Don't try to find this guy in your local address book, he isn't there. Well, actually he exists, but not in your country for sure. We know the trick with IP addresses that we described earlier. It's easy to check the source of this email message. It came from the same city - Ebene, Mauritius. But let's play with this guy by sending him some info that he will swallow without a doubt. After sending him the first short answer, we received the following reply (below).



He changed the email account right in the middle of his business trip. Does that sound real? He keeps pressing you for more personal info about you, including your location. Isn't that suspicious? And he is currently in Switzerland, isn't he? Well, we could assume for a second that this European country is located not far from Ebene, Mauritius, but it can't be as close as this guy wants us to think, because Mauritius is located in the ocean to the east of Africa. Ok, let's continue our game without informing this person and ask him to send his personal attorney's contact info to have more fun and see his reaction.



The results are very impressive. He wants you, the person he never knew, and nobody else, to get the money from him to pay his own attorney! Do you still believe in all that?



Wow, he is unable to find his own attorney. Is his attorney a spy, a nobody from nowhere? And this "attorney" takes care of the house! Would you trust a guy you are never able to find? Do you believe all these stories? Does that sound real? The attorney is always mobile. Why is he running? Doesn't he want the law to catch him, or what? Let's pretend that we swallowed all that and send a reply to see what's next.



Well, finally this guy lost his patience; there is no usual hello or anything like that. He is not so polite anymore. Instead, it looks like he has already begun to realize that somebody is playing games with him, and this is not what he really expected. All we asked in our message was whether he knows a guy in our area with a name like his.

Ok, all that was done to better understand the guy's intention, and we stopped at this stage. What did he want? He wanted to get the personal info, like the guy in another email that we described here. Maybe it was the same guy? Who knows... Maybe it's better to leave that to the local police of Ebene.

Conclusion.

If you receive email messages like these, just keep in mind that free cheese is found only in a mousetrap.

Good luck!

Money from Nigeria? Beneficiary.., Let's dig deeper...

Have you ever received email messages like this in your life? Will you answer this message providing complete info about yourself?






We don't think so. Most people just ignore these messages, considering them dangerous, and they are absolutely right. Let's look inside this message. It's very easy to get a little more info if you know how. If you are still using Outlook Express with your Windows XP you can simply take a look at the Source Code of this email message. If you are using Outlook you can simply open the Message Options. Almost any email program lets you look inside your email message, and this is what we need to do now. We intentionally didn't change anything inside the text below. At first glance this info looks strange, but let's go step by step and see what we can get from it.

Return-Path:  profsanusilmd0@gmail.com
Delivery-Date: Thu, 08 Jul 2010 08:49:52 -0400
Received-SPF: neutral (mxus0: 69.167.140.24 is neither permitted nor denied by domain of gmail.com) client-ip=69.167.140.24; envelope-from=profsanusilmd0@gmail.com; helo=cloud.smokyhosts.net;
Received: from cloud.smokyhosts.net ([69.167.140.24]) by mx.perfora.net (node=mxus0) with ESMTP (Nemesis) id 0M8f2B-1PJKZ12kwV-00vbSh for support@PCYouTrust.com; Thu, 08 Jul 2010 08:49:52 -0400
Received: from localhost ([127.0.0.1]:52776 helo=ismyw.com)
by cloud.smokyhosts.net with esmtpa (Exim 4.69) (envelope-from profsanusilmd0@gmail.com)
id 1OWqWe-0005Ai-E5; Thu, 08 Jul 2010 08:48:24 -0400
Received: from 41.211.227.154 ([41.211.227.154]) (SquirrelMail authenticated user savation@kidportal.ismywebsite.com) by ismyw.com with HTTP;
 Thu, 8 Jul 2010 08:48:24 -0400
Message-ID: <b31fb02a040046762bcca16f1794e243.squirrel@ismyw.com>
Date: Thu, 8 Jul 2010 08:48:24 -0400
Subject: FROM THE DESK OF MALLAM SANUSI LAMIDO AMINU /// PAYMENT RELEASED
From: "MR.LAMIDO SANUSI" <profsanusilmd0@gmail.com>
Reply-To: <profsanusilmd0@gmail.com>
User-Agent: SquirrelMail/1.4.20
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cloud.smokyhosts.net
X-AntiAbuse: Original Domain - pcyoutrust.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - gmail.com
X-Source:
X-Source-Args:
X-Source-Dir:
Envelope-To: support@PCYouTrust.com


What do we see here? To make a long story short, take a closer look at the "Received: from" lines. Here is the IP address that we can check: 41.211.227.154. There are many free services on the Internet like this one here: www.whoisip.com. You can actually Google for the IP address above and Google will give you many search engines that tell you many details about the address that you requested. We can use it and make a quick database search at: https://ws.arin.net/whois/index.html. Below is what we got.

OrgName: African Network Information Center

OrgID: AFRINIC
Address: Level 11ABC
Address: Raffles Tower
Address: Lot 19, Cybercity
City: Ebene
StateProv:
PostalCode:
Country: MU


NetRange: 41.0.0.0 - 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
NetHandle: NET-41-0-0-0-1
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS2.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
Comment:
RegDate: 2005-04-12
Updated: 2009-05-27
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net

OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616

OrgTechEmail: abusepoc@afrinic.net


It is easy to notice that this email message has nothing to do with Nigeria as it claimed. Instead, it's absolutely clear where this message came from. We used the Red color above to show that. The country is called Mauritius, the name of the city is Ebene, and even the mail address of the Internet Service Provider is available. The best you can do for this person is to send a complaint to his Internet Service Provider (ISP). The Police will be happy to take care of this guy if the ISP forwards the report to them. At the very least the ISP will simply disable this customer, cutting his Internet connection off. The email address to send our complaint to is usually on file when we check the IP address using a method like the one above:

OrgAbuseEmail: abusepoc@afrinic.net

So if you send a short email notice to the ISP including the reason why you are writing, a copy of the original email message, and a copy of the technical info from the email message header, you can make the world a little cleaner. Please never answer these messages if you are not absolutely sure of what you are doing. There are several examples of people who lost everything after answering these or similar messages, like one American man several years ago. He was promised several millions of dollars (usually around $10,000,000 written in digits and words to make the email message more real). All he needed to do was a very simple thing - to send the info about himself, then to transfer some amount of money to help the attorney get the money from the bank, then to buy a ticket to meet with this attorney.., then... To make this long story short - he had to sell his own house to send these smart guys several hundreds of thousands of dollars and, when he finally realized that he was tricked and contacted the Police, it was too late. Don't be like him!
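
The header check used in both posts above, written out as a small Python script (an added example, not part of the original posts). It reads the Received lines of the two messages quoted on this page, ignores loopback and private addresses, and returns the public address recorded by the oldest hop; the function names are hypothetical, and it assumes the webmail servers' own Received lines are genuine.

```python
import ipaddress
import re
from email import message_from_string

# Received lines copied from the two header dumps on this page (ids and "for" clauses trimmed).
YAHOO_HEADERS = """\
Received: from web57001.mail.re3.yahoo.com (web57001.mail.re3.yahoo.com [66.196.97.105]) by mx.perfora.net (node=mxus1) with ESMTP (Nemesis); Sat, 10 Jul 2010 09:24:54 -0400
Received: (qmail 23789 invoked by uid 60001); 10 Jul 2010 13:24:53 -0000
Received: from [125.166.239.228] by web57001.mail.re3.yahoo.com via HTTP; Sat, 10 Jul 2010 06:24:53 PDT
From: kyanna williams <kekechi06@yahoo.com>

"""
SQUIRREL_HEADERS = """\
Received: from cloud.smokyhosts.net ([69.167.140.24]) by mx.perfora.net (node=mxus0) with ESMTP (Nemesis); Thu, 08 Jul 2010 08:49:52 -0400
Received: from localhost ([127.0.0.1]:52776 helo=ismyw.com)
 by cloud.smokyhosts.net with esmtpa (Exim 4.69); Thu, 08 Jul 2010 08:48:24 -0400
Received: from 41.211.227.154 ([41.211.227.154]) (SquirrelMail authenticated user savation@kidportal.ismywebsite.com) by ismyw.com with HTTP; Thu, 8 Jul 2010 08:48:24 -0400
From: "MR.LAMIDO SANUSI" <profsanusilmd0@gmail.com>

"""

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")


def hops(raw_headers):
    """One list of public IPv4 addresses per Received header, newest hop first."""
    result = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        # Only the "from ..." clause names the peer; "by ..." is the receiving server.
        from_part = re.split(r"\sby\s", value, maxsplit=1)[0]
        ips = []
        for text in IPV4.findall(from_part):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1
                continue
            if ip.is_global and text not in ips:  # drops 127.0.0.1, 10.x, 192.168.x
                ips.append(text)
        result.append(ips)
    return result


def origin_ip(raw_headers):
    """Public address in the oldest Received hop that records one, or None."""
    for ips in reversed(hops(raw_headers)):
        if ips:
            return ips[0]
    return None
```

Received lines below the first server you trust are supplied by the sending side and can be forged, so treat the result as a lead for an abuse report, not as proof of who sent the message.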