| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: remko at elvandar.org (Remko Lodder) Subject: [Fwd: Please contact me !!! 800 453 2287] Hi there, Before i forget: Happy newyear to all of you It is actually possible that they are trying to harvest accounting information from persons who are not that smart by thinking this is bogus. It is also possible these persons want to ehm DoS ibtco.com persons since there will going to be people who will call the valid phonenumber. In my opinion one can best ignore the email and just pay attention about wherethe email might be originated from. Don't reply to it, and never ever call the number displayed. HTH, Regards, Remko Lodder Elvandar.org -----Oorspronkelijk bericht----- Van: full-disclosure-bounces@...ts.elvandar.org [mailto:full-disclosure-bounces@...ts.elvandar.org]Namens Meeusen, Charles D Verzonden: maandag 5 januari 2004 17:30 Aan: full-disclosure@...ts.netsys.com Onderwerp: RE: [Full-Disclosure] [Fwd: Please contact me !!! 800 453 2287] Actually, I'm glad this was posted since I also received this (to my personal email address) and I've just spent the last 20 minutes or so investigating it. I usually just send my spam to trash and move on but this one caught my eye. If others got it, and can explain what's happening, I'd appreciate it. What I found: The email originated from c-24-126-245-82.we.client2.attbi.com [24.126.245.82] The phone number really is valid for a group called ibtco.com who I have no association with. Google search for "lidiya aliyeva" only returns these log segments: Jan 4 23:13:32 horsey testmail[11038]: i057DUSs011038: from=<lidiya.aliyeva@...co.com>, size=2056, class=0, nrcpts=1, msgid=<000701c3d34a$b5fd68b0$0101c80a@a>, proto=SMTP, daemon=testv4, relay=h62n2fls34o867.telia.com [217.208.39.62] Jan 4 23:13:34 horsey testmail[11060]: i057DXXC011053: to=lidiya.aliyeva@...co.com, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=212631, relay=ibtco.com.mail5.psmtp.com. [12.158.35.251], dsn=2.0.0, stat=Sent (Thanks) Jan 4 23:13:34 horsey testmail[11062]: i057DXKR011052: to=lidiya.aliyeva@...co.com, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=212625, relay=ibtco.com.mail5.psmtp.com. [12.158.35.251], dsn=2.0.0, stat=Sent (Thanks) Which can be seen in it's entirety here: http://test.smtp.org/log This isn't by any stretch an exhaustive inquiry, but I'd love to have someone who knows better than me tell me what's happening here. Why would email that, from all outward appearances seem to be spam, be sent with a valid phone number of a (seemingly) valid company but via (seemingly) nefarious means(seemingly) be trying to get banking info from me? C. -----Original Message----- From: the measly one [mailto:measlymonkey@...planet.org] Sent: Monday, January 05, 2004 4:29 AM To: full-disclosure@...ts.netsys.com Subject: RE: [Full-Disclosure] [Fwd: Please contact me !!! 800 453 2287] > andrewg@...net.au wrote: > > > For what its worth. I'm sure someone here knows the correct places to > report things like these. > > Headers: <snip> thank you for your spam, but i get enough on my own. why dont you trace it and find out where it came from? seems like the next logical step. the meas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-disclosure mailing list Full-disclosure@...ts.elvandar.org http://lists.elvandar.org/mailman/listinfo/full-disclosure
Powered by blists - more mailing lists