| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 134807 | 2013-08-15 22:21:00 | A well disguised scam! | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1351366 | 2013-08-15 22:21:00 | Hi Team Got an email this morning, ostensibly from Telecom. Dear User, Recently, we have detected some unusual activity on your account and as a result, we've upgraded the security of your account for your protection. To upgrade Click Here Thanks Telecom Customer Care :tui: It rang all the usual alarm bells, so I did my standard checks in Mailwasher but couldn't find any of the typical payload cues apart from an excessive amount of header-type stuff. Nor could I see any linkage between the 'click here' and any means of activation. I did wonder why I needed to 'click to upgrade' though, when they said I was already upgraded. It had four legit Xtra IP addresses scattered throughout, but no '.zip's or anything else suspicious to suggest danger, then I noticed another IP address right near the end, well concealed. Bingo: inetnum: 41.138.184.0 - 41.138.191.255 netname: VISAFONE-LAGOS-PDSN2 descr: Visafone Communications Limited, descr: 12, Ologun Agbaje Street, descr: Victoria Island, descr: Lagos country: NG admin-c: FY2-AFRINIC tech-c: FY2-AFRINIC status: ASSIGNED PA mnt-by: VISAFONE-MNT remarks: Managed by Network Solutions Provider [VISAFONE] source: AFRINIC # Filtered parent: 41.138.160.0 - 41.138.191.255 person: Fred Young nic-hdl: FY2-AFRINIC address: 33 Saka Tinubu Street address: Victoria Island address: Lagos Nigeria address: Lagos address: Nigeria I still can't see how it was going to work, but it is history now. Feel free to circulate that IP address to any spam farmers you might know. Cheers Billy 8-{) :thumbs: |
Billy T (70) | ||
| 1351367 | 2013-08-15 23:22:00 | Got one last week. Something to do with an Apple account. Dont have one, so I deleted it. It came from localatclear.net.nz or something. Or some stupid email addy | Speedy Gonzales (78) | ||
| 1351368 | 2013-08-15 23:40:00 | Impressive effort, I don't bother checking them out I just delete them. If it looks legit I will manually go to the website and check it out but often I won't even bother with that. A couple of times I have forwarded them to the appropriate support e-mail to deal with but it's not always easy to find where to send them to so I stopped doing that too. |
dugimodo (138) | ||
| 1351369 | 2013-08-16 01:43:00 | A few unwary people will be caught out. Best to delete it. | Bobh (5192) | ||
| 1351370 | 2013-08-16 02:24:00 | Bloody Nigerians! :P | Chilling_Silence (9) | ||
| 1351371 | 2013-08-16 04:27:00 | Dear User, Recently, we have detected some unusual activity on your account and as a result, we've upgraded the security of your account for your protection. To upgrade Click Here Thanks Telecom Customer Care: No company ever monitors anything about your account and they never contact you with stuff like that. Anything that starts off Dear Customer or whatever.....gets deleted instantly at my end. |
pctek (84) | ||
| 1351372 | 2013-08-16 10:34:00 | No company ever monitors anything about your account and they never contact you with stuff like that. Anything that starts off Dear Customer or whatever.....gets deleted instantly at my end. I don't get too many, and I'm a bit of a ferret reincarnated, but with less fur, so I like to lift the veil occasionally and see what lies behind. The brief round of aussie-based scams a while back were immaculately structured, with all the fruit from the genuine site and they were very convincing indeed. The devil was in the detail though, and that was where they fell down. The aussie thing didn't last long and I reckon their mistake was to pick on the big guys, who probably let loose the hounds of hell and wiped the floor with them. Digging though them is a no-risk exercise provided you don't have to download anything. Cheers Billy 8-{) |
Billy T (70) | ||
| 1351373 | 2013-08-17 06:50:00 | I got one too, Billy, it was a text on my cell from a person allegedly with the NZ Defence force in Afghanistan, who wanted to buy my car at the full price asked (on Trademe). He said a friend in the Force had the same car and he must have. Checked the text country of origin and it was Bolivia !! Don't know what the scam was going to be ? Perhaps ask for some money to transit or similar ? Sent a text back saying "How is life in Bolivia ?" Misty |
Misty (368) | ||
| 1351374 | 2013-08-19 06:58:00 | I got one too, Billy, it was a text on my cell from a person allegedly with the NZ Defence force in Afghanistan, who wanted to buy my car at the full price asked (on Trademe). I'm not sure how they work that scam, it is not like they can take off with the vehicle, so it must be an apparent 'overpayment' that they ask you to refund. I guess they hook the seller with the 'full asking price' deal then, then 'accidentally' transfer too much money, get the seller to remit it back (via Western Union or whatever), then how it works from there I don't know, but I bet a couple of minutes searching would find the instruction manual :D Cheers Billy 8-{) :) |
Billy T (70) | ||
| 1351375 | 2013-08-19 07:43:00 | They want you to forward monies as a fee for brokerage or something similar, then a mate of theirs will pick it up. | Whenu (9358) | ||
| 1 | |||||