Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
 ·Comcast
| I Got One of Those Scams
Gee, I never win anything,  but today I got one of those scams to get your account info... and... (I can't believe this list at the link)...
First Name:
Last Name:
Daytime Phone:
Evening Phone:
Billing Address
Address:
City:
State:
Zip:
Country:
Credit Card Information
Name On Card:
Credit Card Number:
Expiration Date:
Verification Number: (Found on Back of your CC)
Pin Number: (For Security Purpose)
Bank Information
Bank Name:
Account Type:
Bank Routing Number:
Bank Account Number:
Bank Phone Number:
Social Security Number:
Driver's License Number:
State Issued:
Mother's Maiden Name:
User Name Information
Date Of Birth:
User Name: (e.g: jdoe@earthlink.com)
Password:
Occupation:
.... of course, *everything* is required info. What if you don't drive?
I sent a message to Robert in case there's anything new. The link is a redirect. |
|
borborpa
Slipping Slowly Into Oblivion
Premium
join:2002-02-20
New Cumberland, PA
clubs: | Make sure you forward the message to fraud@earthlink.net. |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs: | reply to Bill_MI
After you fill in the required fields.  just kidding |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·Comcast
| reply to borborpa
Thanks, I just sent it. The site is *still* up at this time... I just *have* to check it periodically out of curiosity.
Doc, if I send you the site *you* can fill it out for me, ok? |
|
rjackal
R.I.P Colin McRae 1968-2007
Premium
join:2002-07-09
Plymouth, MI
clubs:
| I think you should fill out the form ... with false (but not too obviously false) information, so as to waste those idiots' time.
Maybe if they try and use the false info, they'll attract the attention of the authorities!
--
World Rally Wrules! |
|
MxxCon
join:1999-11-19
Brooklyn, NY
clubs:
| reply to Bill_MI
ELNK should really start digitally signing ALL their emails.
make FAQ for many email clients explaining how to configure them to use public/private keys and then specify that any ELNK email that does not have digital signature should be very questionable.
or create hash key from text content of an email and make a web application that will verify that hash from pasted msg..
--
[Sig removed by Administrator: Signature can not exceed 20GB] |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·Comcast
1 edit | reply to rjackal
said by rjackal  :
I think you should fill out the form ... Maybe if they try and use the false info, they'll attract the attention of the authorities!
That sounds like a good technique for the authorities to me.
The site is still up at this time and traces to the same (apparently California) location (EDIT: which means nothing... the site can be controlled by anyone in the world, obviously...). |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·Comcast
1 edit |  reply to MxxCon
Wasted Effort IMHO
said by MxxCon :
ELNK should really start digitally signing ALL their emails.
I seriously see that as a catch-22/wasted effort. Far too complicated for the most vulnerable users and "Power Users" don't need it.
It doesn't mean we can't turn this into constructive brain-storming. Earthlink can't be the only ISP in the world that faces this, I'm sure. |
|
MxxCon
join:1999-11-19
Brooklyn, NY
clubs:
| well AOL and MSN both use proprietary software and official emails appear differently than regular emails.
i don't think it's "far too complicated" to import public key
--
[Sig removed by Administrator: Signature can not exceed 20GB] |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·Comcast
| said by MxxCon :
i don't think it's "far too complicated" to import public key
Of course not, you're a power user!
In the meantime I got a second one of these things tonight. Geesh. Identical message, just different source IP and times (of course). |
|
lzrdlps
@adelphia.net | Sent Elink with the same message, asked why there wasn't network wide warning to all subscribers, Still no answer. Switched to Adelphia this weekend, haven't had any problems, if you want to call triple the speed a problem. |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI | And the site is still up. |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI | reply to Bill_MI
That Site Finally Died
...just noticed it minutes ago - probably happened sometime today. Good riddance. |
|
delt4
17 years ... still waiting
Premium
join:2000-07-13
Pittsburgh, PA
·Comcast
| reply to Bill_MI
Re: I Got One of Those Scams
Just got 2 of these today. Hopefully who ever is responsible for this gets prosectuted really good. Never ceases to amaze me what people will do to scam money from other people. |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·Comcast
| Just for the Record...
Hi Delt. Not the same text as mine posted below.
Dear EarthLink Member,
The credit card we have on file for your EarthLink Internet service was
declined when we attempted to bill you $21.95 on 11/31/2003 for your
most recent service fees. For this reason, your service could be suspended.
Please visit our Account Information pages, located at »account.earthlink.com,
and update your credit card information as soon as possible.
Once your credit card information is updated, you will be charged
immediately, as soon as payment is received.
Thank you for your prompt attention to this matter. We look forward to
continuing to serve you.
Sincerely,
EarthLink Customer Care
The link that's invalid, anyway ( note earthlink.com), actually goes elsewhere. |
|
delt4
17 years ... still waiting
Premium
join:2000-07-13
Pittsburgh, PA
1 edit | reply to Bill_MI
Re: I Got One of Those Scams
Unless that scam site is using a proxy, the email ( the one that I received )originated from Seoul, South Korea. |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
1 edit | We very well could have the same address. Was it also sent through Hotmail?
EDIT: Except my second, identical one, came via a US registration. I don't think these are any clues at all. |
|
WillieFox
join:2002-03-24
Park Ridge, IL
| reply to Bill_MI
Below is the complete email with some coded MIME at the end. Anyone know what it is? Norton AV scan is negative.
Status: U
Return-Path:
Received: from host217-42-182-172.range217-42.btcentralplus.com ([217.42.182.172])
by cave.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1atuEl5uz3Nl3pX0
for ; Mon, 8 Dec 2003 18:18:43 -0500 (EST)
Received: from [73.84.12.193] by host217-42-182-172.range217-42.btcentralplus.com with ESMTP id BF1718EF87B; Sat, 13 Dec 2003 02:10:19 +0300
Message-ID:
From: "earthlink.net"
Reply-To: "earthlink.net"
To:
Subject: Official notice to all users of Earthlink.net!
Date: Sat, 13 Dec 03 02:10:19 GMT
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="43DDFA12C__36"
X-Priority: 3
X-MSMail-Priority: Normal
X-ELNK-AV: 0
--43DDFA12C__36
Content-Type: multipart/alternative;
boundary="43DDFA12CFF36"
--43DDFA12CFF36
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
snsSmallText {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 11px;
font-style: normal;
color: #000000;
}
snsSmallTextBold {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 11px;
font-style: normal;
color: #000000;
}
snsSmallTextBoldReverse {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 11px;
font-style: normal;
color: #FFFFFF;
}
snsSmallTextBoldFlexUi {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 11px;
font-style: normal;
color: #0000ff;
}
snsSmallTextLink {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 11px;
font-style: normal;
color: #0000ff;
text-decoration: underline;
}
snsSmallTextBoldLink {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 11px;
font-style: normal;
color: #003366;
text-decoration: underline;
}
snsSmallestText {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 10px;
font-style: normal;
color: #000000;
}
snsSmallestTextBold {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 10px;
font-style: normal;
color: #000000;
}
snsMediumText {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 14px;
font-style: normal;
color: #000000;
}
snsMediumTextBold {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 14px;
font-style: normal;
color: #000000;
}
snsMediumTextBoldLink {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 14px;
font-style: normal;
color: #003366;
}
snsHeadline {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 18px;
font-style: normal;
color: #000000;
}
snsFieldLabel {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 11px;
font-style: normal;
color: #000000;
}
snsFieldSubtext {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 11px;
font-style: normal;
color: #0000ff;
}
snsNavbar {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 8pt;
font-style: normal;
color: #ffffff;
}
snsGrayBoxText {
color: #000000;
}
snsErrorBoxText {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 11px;
font-style: normal;
color: #ff0000;
}
snsErrorText {
color: #ff0000;
}
snsHpSmallTextBold {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 11px;
font-style: normal;
color: #003366;
}
snsHpSmallTextLink {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 11px;
font-style: normal;
color: #003366;
text-decoration: underline;
}
snsHpSmallTextBoldLink {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 11px;
font-style: normal;
color: #003366;
text-decoration: underline;
}
snsHpMediumTextBold {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 14px;
font-style: normal;
color: #003366;
}
snsHpMediumTextBoldLink {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 14px;
font-style: normal;
color: #003366;
text-decoration: none;
}
snsHpHeadline {
font-family: Verdana, Arial, sans-serif;
font-weight: bold;
font-size: 18px;
font-style: normal;
color: #003366;
}
noLineLink {
font-family: Verdana, Arial, sans-serif;
font-weight: normal;
font-size: 11px;
font-style: normal;
text-decoration: none;
cursor: default;
}
snsFieldSpacer {
line-height: 10px;
}
td {
font-family : Arial,Helvetica,sans-serif;
font-size : 12px;
color: #666666
}
footer A:link, A:hover, A:active {color:#0000ff; text-decoration:underlin=
e;}
footer A:visited {color:#660066; text-decoration:underline;}
Dear Earth=
link User,
This email
is
a reminder that your
EarthLink account information is not up-to-date. To avoid any
interruption to your service including the ability to log onto EarthLink,=
please update your credit or debit card information.
If you do not update your credit or debit
card information you
may no longer be able to use EarthLink.
This is your final
notice. Please take a moment to update your credit card in=
formation
by clicking here
and submitting your information.
Please
note that we will attempt to renew your service five days from
today. If we are still unable to charge your credit card at that
time, your service will be terminated.
Sincerely,=
Earthlink =
Billing
Department
--43DDFA12CFF36--
--43DDFA12C__36
Content-Type: image/jpeg;
name="pic.gif"
Content-Transfer-Encoding: base64
Content-ID:
R0lGODlhuwAwAMQAAAAAAP9mAP+SGf5nAP7+//xlAPlkAO5fAN9ZAP9nAftmAvJlBvlpCLdN
BvpuEcZkIvKIQdZ7PrdwQPSZW8uHWOWmfPjo3fz18PNgAPphAc1SAu1oEMd1P+nJtfbWwZk0
ACH5BAAAAAAALAAAAAC7ADAAAAX/ICCMZGmeaKqubOu+cCzPsJgE+IDvfO//wKBwSCwaj8ik
UijKLQfQqHRKrVqv2Kx2y+16v9gmT7csm8/otDotXo/d8Lh8/mufp/S8fm+28/+AgXN+goWG
h0aEZWSIjY59AnxQj5SVO4poUjuMlp2HmEkJCgykpAoGnJ6qhXapb046NwkMEx4Wtx0QGKgB
OgoBCpOuOTdOapzFvcRBZL6vypzDbzoDycbWxkutRdSxDh4E4eIEHQcYpBATDgsGAQnS1YzS
d7/QONbyjAnvPdTZ/z0KyHInxN+ZbcxSMXBgIZwFChQqNCRQIUKHhhcIbMBQL8cwbHCq7RB1
b0wzgiU3/yUrZlAIv14ifdwgAxIJwiMMCVyg0KCBBg0NKlToQMBDBQ0PjCLAUOCkj0kAzbi6
Eazbpqstl9nj8VJmyiJdtUW6CsSqOwYVwvFsgADBgQ0VMhLgqQHBQ7ftBhQwwLevgb0w4Sgo
UCDbXgMZ5vXqS7hjgL+n+JIp7LKwgsHPfDFWHOTm05UDHISr4BPBgtNxK4DzUHfChboH9gqd
TbvCLspqHEDYDWFDhqYDaK9r93TC7Am7JiUoUMvoxqZGeO9m+tRBBw8QDmQo4/lHFHdpCTxg
u+Bi7w0aJoTjYLdDXQODx8knoOEAcamTIIyLYD++OP5/+VAAOOF44BZwCYgmTv8FCMDHWQAD
imMgBqkkMAFGeIn1DDM4MABOBz4toF5RdbXVUAcXPdBWOwbMNw5bvCwihX7isBdbizVqsEs/
BhBITgP27aDgaPVBp1iP4rjXICcGSHSBByreZ1MkD26ig4I8IZATRfUtAJdOBERQF0cDYDCO
BbXBCKFefO1lmV7QNTbYAH9BRmM4EtR3yjh59vcbdEiGA2KDHS4AgQcXkFafZGwWEFmMgf7Y
oKOo/MXARaQRqkQTD/ojCo0+QXCBBeP51N+IisbWi5lJfvBBT6b+NQAEx22gG29M3bobXEKt
Q+s4FEQQAQas4hmRUBNsBF+kg+b1GAQRSCDBA/VJ15v/UB0ky84pPg66gbUbHIAAUItq2Glg
CqhnQQOiuvdThgZsEM54k76DYzgXXIdiBEsp8I18T0ro1p0ETBQmAi4W5daZ8lkAILNq6nAv
RW75KNc4EzS4QLdsGUxOuOIeYI6UR3B6xDsKpNUBBfm+ax9fwCygVrmrJnzwOR67qCTB43Cg
QcJK2lygjhhwvKTE4xyFgI8JPyBytxJ4nOnLbXJH5RFQJHARy0eN6eA98s5V5A4Ty+fzAeEJ
SoEERCXJFs8dCJXnUElXQEFd43jQU9vhsHWA0aggvSBbFkvwAQXA1uejBRfv9AFs0DmWhMkn
F5AORabuyEMBDOBZXzPFFiWt/7R+8+2Bqz0ZTTAFr5aGQAQXG14an69y8GLFbi9FzcSZdtt6
0nUxLc4Fho9ZmFObXj1EM3SKSkBp1Flled864jZxB6/+VFcGfGNfYvdvj5O9W8RGwKffB5z/
+ouK504174TnjvCCwSecZX8qWa0MElueTVxX6dIJWzCgDAWELl/X8YCB0Ja0B3zJbRog2ONe
theC9ckAocsTAiSIO3wlUIEiS1r8BGUqES5NQkzrAF4clYwq+YByy+uQLTJylCCNRIaSihGd
hFaXDQhvPoMimE+Y4gsLLiqD1WLf32yGt8GdkIQLc6Lv+DYqp/EiK1PaX0FwkK4LQIAorLFP
S/xFQ/8YNaNs8vHbE8VhAfBtkH0L4IER7ZMBPiVRHH77IR5/JkX3mZBjDeCbToZVlZokQnnL
81cbNWC7uSxFi7NIywVMBZ3FQGt0mOTAAA+gAQnMhnUP4MDoehgBUUrAjL3wVykloMl+YeCS
p3SLA1YZSwwIC5OYZMstp1UfYZkSNrCk1gF8SbqfREtaHOBX4A6CyCGg5TV1aQip8EcGGmWK
QpswgLi0x03Y8GWbsOrmmDCwTW+esZxu+Y02xwWbXaDTPhhgpzjdUs5xynMp69Reg+KpT5HJ
05uUceELm1mWanhAhRrYwIhUyA4dLAQj9CLZYURGUYomZzAZ8KfIiLXRNmH/sKMIYhM5RSYr
Oo00SKcgJ7HqlNGKbnQXHyUpXzj6vpNmoC8d7YtKzcERlujPhR7ygHGIMpGHbGABtMjIBVpJ
nadMQk69eMckTnEYYMAJGoQBTj8w46BuOOqrv8DML6hxGV+4KTJwyipVLBNQq47VqoTZQVOo
GjjkTY6gZVEABKTZgQgEhY2Mw9cpaRYV5t2QJdHwyFb2l48NlYQzWrXSOwRiEoLgAyow0QRU
qDEQcxmhAAv457giILwOjGdRuIGGIbNxEmyABLP9gIUWz7WhrGnRSgCBrWxpYtcs3lYIpxEX
PUPLyIhQoFSLItkqlpsHMXCGERhkzDdFi8/UMve6hIMYi0B/y6YFVFS52A0vHJybBKi0kE5x
jap41+sG8pZBquaNLXvnC4mocGN/q6WvfjX02/vmt7/7DTATtMsNZKCkH/sQsIKLIIKpPjcN
Pl2wgmEYCOtKmL4i2MujssphDuPhZLyN0YX1CwBXmfjEKE6xilfM4ha7+MUwjrGMZ0zjGs84
BAA7
--43DDFA12C__36-- |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| said by WillieFox :
Below is the complete email with some coded MIME at the end. Anyone know what it is?
--43DDFA12C__36
Content-Type: image/jpeg;
name="pic.gif"
Content-Transfer-Encoding: base64
Would you edit your post please and remove the Base64 encoded mime content? Thanks. It's just an EL image called pic.gif. I decoded it so you can see it.
Regards,
Doctor Olds |
|
AAO_Player
@comcast.net
| reply to Bill_MI
Once ELNK NOC/Abuse gets one of these fraud emails, NOC nul routes the website on all of the routers and Earthlink DNS servers.
Abuse then sends the hosting of said fraud site a nasty email saying take it down or else.
There was a problem with godaddy.com hosted sites due to the number of fraud sites that godaddy setup. (not godaddy directly but people using godaddy) |
|
