Saturday, June 18, 2011

How a web host enables scammers.....

I received an email supposedly from:
dataservice.member@gmail.com

What truely shocked me was the fact that the email made it through the spam filters at Gmail and my internet service provider to which I have my emails forwarded.
Its a phishing email, explained here:
http://en.wikipedia.org/wiki/Phishing

The fake email was as follows:
from
Gmail dataservice.member@gmail.com
accounts@google.com
date Sat, Jun 18, 2011 at 11:30 AM
subject Your Account
hide details 11:30 AM (18 minutes ago)
G-mail is working on total security on all accounts and as a result of this security upgrade we require all Google members to verify their account with Google.If you are still interested in using our email service, Please click the reply button and fill the below spaces as requested.

Complete Name:
Recent Password:
Confirm Password:
Birth Date:
Occupation:
Registered Year:
Present State/Country:

Warning: Your Account will be deleted and shut down permanently if you failed to provide the details above. Gmail will not be heard responsible for your negligence.

Thanks for your support.

Now, if you look at the emails "headers" (below) you'll see its not from Google.

The email is from a domain set up on GoDaddy:
http://www.khsksx.com/

I am quite sure that GoDaddy wouldn't allow this type of activity on their servers, however, the domain was created using a non-existant email account on Yahoo.
The registrant is listed as being from
Market Ave N Canton
   Oh, Ohio 43214
   United States
(This person's stolen credit card was used to pay GoDaddy for the hosting of the site used for the fake email.)
You can get that data here:
http://www.internic.net/whois.html
You can file a complaint here:
http://wdprs.internic.net/
The non existant email address used was:
judldjd@yahoo.com
http://pulse.yahoo.com/judldjd
(you get a blank page)

Registering a domain using false data is against the ICAAN rules for registering web sites.
This is explained here:
http://www.icann.org/en/announcements/advisory-10may02.htm

What are the penalties for this?
Basically none.
Thats how and why scammers get away with creating fake sites.
There is no real accountability.

Here are the headers from the phishing email:

Delivered-To:  netscammers@gmail.com
Received: by 10.229.96.208 with SMTP id i16cs41517qcn;
        Sat, 18 Jun 2011 08:30:21 -0700 (PDT)
Received: by 10.90.249.28 with SMTP id w28mr3899252agh.40.1308411020877;
        Sat, 18 Jun 2011 08:30:20 -0700 (PDT)
Return-Path: kshdk@khsksx.com
Received: from p3plwbeout15-04.prod.phx3.secureserver.net (p3plsmtp15-04-2.prod.phx3.secureserver.net [173.201.193.40])
        by mx.google.com with SMTP id s18si5210901anp.10.2011.06.18.08.30.20;
        Sat, 18 Jun 2011 08:30:20 -0700 (PDT)
Received-SPF: neutral (google.com: 173.201.193.40 is neither permitted nor denied by best guess record for domain of kshdk@khsksx.com) client-ip=173.201.193.40;
Authentication-Results: mx.google.com; spf=neutral (google.com: 173.201.193.40 is neither permitted nor denied by best guess record for domain of kshdk@khsksx.com) smtp.mail=kshdk@khsksx.com
Received: (qmail 884 invoked from network); 18 Jun 2011 15:30:19 -0000
Received: from unknown (HELO localhost) (173.201.193.118)
  by p3plwbeout15-04.prod.phx3.secureserver.net with SMTP; 18 Jun 2011 15:30:19 -0000
Received: (qmail 23132 invoked by uid 99); 18 Jun 2011 15:30:19 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 41.18.131.117
User-Agent: Web-Based Email 5.5.05
Message-Id: <20110618083017.ea1dd01c931fd552aa8834b6661c0c4e.6b5c45688f.wbe@email15.secureserver.net>
From: "Gmail" <dataservice.member@gmail.com>
X-Sender: kshdk@khsksx.com
To: accounts@google.com
Subject: Your Account
Date: Sat, 18 Jun 2011 08:30:17 -0700
Mime-Version: 1.0

...and yes I reported the incident to Google and GoDaddy.
Lets see how fast they respond.......

Oh! what a tangled web we weave When first we practise to deceive! Sir Walter Scott NEVER use instant payment services like Western Union or MoneyGram to buy items on the internet

0 comments:

Post a Comment