2/09/2005
Beware If You Use Yahoo Mail
This is a warning that con artists are sending e mails saying that they are from Yahoo. Here is the text of the message.
X-Apparently-To: frannyward@yahoo.com via 206.190.37.240; Wed, 09 Feb 2005 13:54:50 -0800
Authentication-Results: mta169.mail.dcn.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
X-Originating-IP: [172.216.196.110]
Return-Path:
Received: from 172.216.196.110 (HELO ACD8C46E.ipt.aol.com) (172.216.196.110) by mta169.mail.dcn.yahoo.com with SMTP; Wed, 09 Feb 2005 13:54:50 -0800
Date: Thu, 10 Feb 2005 02:30:42 +0000
From: "Yahoo!" Add to Address Book
To: frannyward@yahoo.com
Subject: Your Bank Card Linking To frannyward@yahoo.com
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Content-Length: 747
Dera Yah!oo Mrebme,
Tihs emlia was stne by the Yahoo! serevr to veyfir yuor bkna cadr inoitamrofn. Yuor bank ask Yooha! to doos
becasue semo of theri memrebs no lnoger hvae acssec to eliam addrseses on Yah!oo and thye nede to verfiy you.
You mtsu cpmolete tsih pecorss by clciking on the likn bleow:
http://******************************************************
and eiretnng yoru bnak ATM-Deibt Cdra numbre and PNI ttah you use on AMT.
I did click on the link (not shown because I couldn't right click and check properties through Explorer,) and it redirected to
http://onlinebankingb.mail15.com/ . This domain name resolves to the following:
02/09/05 20:09:02 IP block 81.211.64.118 Trying 81.211.64.118 at ARIN Trying 81.211.64 at ARINOrgName:RIPE Network Coordination Centre OrgID:
RIPEAddress: P.O. Box 10096City: AmsterdamStateProv: PostalCode: 1001EBCountry: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 81.0.0.0 - 81.255.255.255 CIDR: 81.0.0.0/8 NetName: 81-RIPENetHandle: NET-81-0-0-0-1Parent: NetType: Allocated to RIPE NCCNameServer: NS-PRI.RIPE.NETNameServer: NS3.NIC.FRNameServer: SUNIC.SUNET.SENameServer: AUTH62.NS.UU.NETNameServer: SEC1.APNIC.NETNameServer: SEC3.APNIC.NETNameServer: TINNIE.ARIN.NETComment:These addresses have been further assigned to users inComment: the RIPE NCC region. Contact information can be found inComment: the RIPE database at http://www.ripe.net/whoisRegDate:
Updated: 2004-03-16
# ARIN WHOIS database, last updated 2005-02-08 19:10# Enter ? for additional hints on searching ARIN's WHOIS database.
Going back to the original header I checked 172.216.196.110 , the apparent sender of this e mail. This is what came up.
02/09/05 20:18:12 IP block 172.216.196.110Trying 172.216.196.110 at ARINTrying 172.216.196 at ARIN
OrgName: America Online OrgID: AOLAddress: 22000 AOL WayCity: DullesStateProv: VAPostalCode: 20166Country: US
NetRange: 172.192.0.0 - 172.216.255.255 CIDR: 172.192.0.0/12, 172.208.0.0/13, 172.216.0.0/16 NetName: AOL-172BLK-2NetHandle: NET-172-192-0-0-1Parent: NET-172-0-0-0-0NetType: Direct AllocationNameServer: DAHA-01.NS.AOL.COMNameServer: DAHA-02.NS.AOL.COMNameServer: DAHA-07.NS.AOL.COMComment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLERegDate: 2002-02-13Updated: 2004-12-22
TechHandle: AOL-NOC-ARINTechName: America Online, Inc. TechPhone: +1-703-265-4670TechEmail: domains@aol.net
OrgAbuseHandle: AOL382-ARINOrgAbuseName: Abuse OrgAbusePhone: +1-703-265-4670OrgAbuseEmail: abuse@aol.net
OrgNOCHandle: AOL236-ARINOrgNOCName: NOC OrgNOCPhone: +1-703-265-4670OrgNOCEmail: noc@aol.net
OrgTechHandle: AOL-NOC-ARINOrgTechName: America Online, Inc. OrgTechPhone: +1-703-265-4670OrgTechEmail: domains@aol.net
# ARIN WHOIS database, last updated 2005-02-08 19:10# Enter ? for additional hints on searching ARIN's WHOIS database.
Notice the comment "ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE". I pinged it and as I suspected, it failed. What do you do when you get these e mails? DO NOT DIVULGE ANY BANKING INFORMATION TO ANYONE VIA THE INTERNET. Also, notice the e mail address abuse@aol.com . Most ISPs provide this for people to let them know that users are breaking their TOS (Terms of Service). I fowarded the above to AOL. Let's see what reply I get.
Subscribe to:
Post Comments (Atom)
Just wanted to drop a quick note and say thank you. I just received the same exact message in my email today. Normally I click happily away on the 'delete' key, but the 'your bank card linking' raised an eyebrow.
ReplyDeleteWhen an email arises that I'm uncertain of its origins, I always google the subject line to see if anything suspicious comes up. 9 times out of 10, it answers everything I need to know and then some. And, lo and behold, a search for 'your bank card linking' pulled up this post. So thank you! :)
*Not posting as 'Anonymous' exactly, I just don't have a blogger on here. Email is madelinekrieger@yahoo.com
Regards,
Madeline
Glad to have helped..
ReplyDeleteI got two of these too, just for double the pleasure! It definately is different from most scam emails, if you view the source they use all sorts of wierd symbols to assemble the message.
ReplyDeleteI had the same problem.. It seems the Russian/Soviet spam artists are hard at work trying to rip off unsuspecting Americans.
ReplyDeleteAnd to think that the Cold War is over.. We it isn't. Only the game has changed from chess to checkers.
I don't trust anyone, let alone forigners. I propose that our President get tough on these people who prey on us using the internet as a medium.
I will post any other information relative to this subject when I receive it.It's time we look out for each other!
Hi,
ReplyDeleteI was looking for the local news and found you just below it. I like what I have read so far and I have to say I agree with most if not all of your postings. I am currently stuck on the other side of the world. I do want to comment on your KBR post. Many forget that they were big in Vietnam also. Keep up the good work.
You should have known it was a scam the very second they asked you for your account number and pin. Never give that information out no matter who they claim to be.
ReplyDeletewell fran you really did a number on this guy, my computer is useless thanx to you or whoever is tampering with it, either way i have called the 703 number and got nothing except rudness, are you mascarading as a scam, because your aol address is not known by aol or microsoft, i wonder why people like you do these things, whatever your intent, sooner or later the truth comes out
ReplyDeleteflyhg@aol.com said...
ReplyDelete"well fran you really did a number on this guy, my computer is useless thanx to you or whoever is tampering with it"
You got to be kidding.. Your either a spammer yourself, or a NooB.