Saturday, June 18, 2011

How a web host enables scammers.....

I received an email supposedly from:

What truly shocked me was the fact that the email made it through the spam filters at Gmail and my internet service provider to which I have my emails forwarded.
It's a phishing email, explained here:

The fake email was as follows:
date Sat, Jun 18, 2011 at 11:30 AM
subject Your Account
G-mail is working on total security on all accounts and as a result of this security upgrade we require all Google members to verify their account with Google.If you are still interested in using our email service, Please click the reply button and fill the below spaces as requested.

Complete Name:
Recent Password:
Confirm Password:
Birth Date:
Registered Year:
Present State/Country:

Warning: Your Account will be deleted and shut down permanently if you failed to provide the details above. Gmail will not be heard responsible for your negligence.

Thanks for your support.

Now, if you look at the email's "headers" (below) you'll see it's not from Google.

The email is from a domain set up on GoDaddy:

I am quite sure that GoDaddy wouldn't allow this type of activity on their servers; however, the domain was created using a non-existent email account on Yahoo.
The registrant is listed as being from
Market Ave N Canton
   Oh, Ohio 43214
   United States
(This person's stolen credit card was used to pay GoDaddy for the hosting of the site used for the fake email.)
You can get that data here:
You can file a complaint here:
The non-existent email address used was:
(you get a blank page)

Registering a domain using false data is against the ICANN rules for registering web sites.
This is explained here:

What are the penalties for this?
Basically none.
That's how and why scammers get away with creating fake sites.
There is no real accountability.

Here are the headers from the phishing email:

Received: by with SMTP id i16cs41517qcn;
        Sat, 18 Jun 2011 08:30:21 -0700 (PDT)
Received: by with SMTP id w28mr3899252agh.40.1308411020877;
        Sat, 18 Jun 2011 08:30:20 -0700 (PDT)
Received: from ( [])
        by with SMTP id s18si5210901anp.10.2011.;
        Sat, 18 Jun 2011 08:30:20 -0700 (PDT)
Received-SPF: neutral ( is neither permitted nor denied by best guess record for domain of client-ip=;
Authentication-Results:; spf=neutral ( is neither permitted nor denied by best guess record for domain of
Received: (qmail 884 invoked from network); 18 Jun 2011 15:30:19 -0000
Received: from unknown (HELO localhost) (
  by with SMTP; 18 Jun 2011 15:30:19 -0000
Received: (qmail 23132 invoked by uid 99); 18 Jun 2011 15:30:19 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
User-Agent: Web-Based Email 5.5.05
Message-Id: <>
From: "Gmail" <>
Subject: Your Account
Date: Sat, 18 Jun 2011 08:30:17 -0700
Mime-Version: 1.0
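
The checks a reader makes by eye on headers like these can be scripted. The following is an added example, not part of the original post: the function name triage, the BRAND_DOMAINS table, and the placeholder sender domain, receiver host and IP in the sample are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains each impersonated brand legitimately sends from.
BRAND_DOMAINS = {"gmail": {"gmail.com", "google.com"}}

# Constructed sample modelled on the headers above. The sender domain, receiver
# host and IP are placeholders, not the values from the real message.
SAMPLE = """\
Received-SPF: neutral (mx.receiver.example: 192.0.2.10 is neither permitted nor denied) client-ip=192.0.2.10;
Authentication-Results: mx.receiver.example; spf=neutral smtp.mail=info@account-upgrade.example
User-Agent: Web-Based Email 5.5.05
From: "Gmail" <info@account-upgrade.example>
Subject: Your Account

Please click the reply button and fill the below spaces as requested.
Recent Password:
Confirm Password:
"""


def triage(raw):
    """Return the reasons a raw message looks like brand impersonation."""
    msg = message_from_string(raw)
    findings = []

    # 1. The display name claims a brand the sending domain does not belong to.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, good in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in good)
        if brand in display.lower() and not owned:
            findings.append(f"display name {display!r} but sender domain is {domain!r}")

    # 2. The receiving server's SPF verdict; anything except "pass" is unverified.
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1) if m else (msg.get("Received-SPF", "").split() or ["none"])[0]
    if spf.lower() != "pass":
        findings.append(f"SPF result is {spf.lower()!r}, not 'pass'")

    # 3. The body asks for a password, which the fake email above does.
    body = msg.get_payload()
    if isinstance(body, str) and re.search(r"\bpassword\b", body, re.I):
        findings.append("body asks the recipient to send a password")
    return findings


if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("-", reason)
```
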

...and yes, I reported the incident to Google and GoDaddy.
Let's see how fast they respond.......

Oh! what a tangled web we weave When first we practise to deceive! Sir Walter Scott

NEVER use instant payment services like Western Union or MoneyGram to buy items on the internet
