2/09/2005

Beware If You Use Yahoo Mail

This is a warning that con artists are sending e-mails saying that they are from Yahoo. Here is the text of the message.

    X-Apparently-To: frannyward@yahoo.com via 206.190.37.240; Wed, 09 Feb 2005 13:54:50 -0800
    Authentication-Results: mta169.mail.dcn.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
    X-Originating-IP: [172.216.196.110]
    Return-Path:
    Received: from 172.216.196.110 (HELO ACD8C46E.ipt.aol.com) (172.216.196.110) by mta169.mail.dcn.yahoo.com with SMTP; Wed, 09 Feb 2005 13:54:50 -0800
    Date: Thu, 10 Feb 2005 02:30:42 +0000
    From: "Ya޶hoo!"
    To: frannyward@yahoo.com
    Subject: Your Bank Card Linking To frannyward@yahoo.com
    MIME-Version: 1.0
    Content-Type: text/html; charset=iso-8859-1
    Content-Transfer-Encoding: 7bit
    Content-Length: 747

    De‮ra‬ Yah‮!oo‬ M‮rebme‬, T‮ih‬s em‮lia‬ was s‮tne‬ by the Yahoo! ser‮ev‬r to ve‮yfir‬ y‮uo‬r b‮kna‬ ca‮dr‬ i‮noitamrofn‬. Y‮uo‬r bank ask Y‮ooha‬! to do‮os ‬ beca‮su‬e s‮emo‬ of the‮ri‬ mem‮reb‬s no l‮no‬ger h‮va‬e ac‮ssec‬ to e‮liam‬ addr‮se‬ses on Yah‮!oo‬ and th‮ye‬ ne‮de‬ to ver‮fi‬y you. You m‮tsu‬ c‮pmo‬lete t‮sih‬ p‮ecor‬ss by cl‮ci‬king on the li‮kn‬ b‮le‬ow: http://****************************************************** and e‮iretn‬ng yo‮ru‬ b‮na‬k ATM-De‮ib‬t C‮dra‬ numb‮re‬ and P‮NI‬ t‮tah‬ you use on A‮MT‬.

I did click on the link (not shown because I couldn't right click and check properties through Explorer), and it redirected to http://onlinebankingb.mail15.com/ . This domain name resolves to the following:

    02/09/05 20:09:02 IP block 81.211.64.118
    Trying 81.211.64.118 at ARIN
    Trying 81.211.64 at ARIN
    OrgName: RIPE Network Coordination Centre
    OrgID: RIPE
    Address: P.O. Box 10096
    City: Amsterdam
    StateProv:
    PostalCode: 1001EB
    Country: NL
    ReferralServer: whois://whois.ripe.net:43
    NetRange: 81.0.0.0 - 81.255.255.255
    CIDR: 81.0.0.0/8
    NetName: 81-RIPE
    NetHandle: NET-81-0-0-0-1
    Parent:
    NetType: Allocated to RIPE NCC
    NameServer: NS-PRI.RIPE.NET
    NameServer: NS3.NIC.FR
    NameServer: SUNIC.SUNET.SE
    NameServer: AUTH62.NS.UU.NET
    NameServer: SEC1.APNIC.NET
    NameServer: SEC3.APNIC.NET
    NameServer: TINNIE.ARIN.NET
    Comment: These addresses have been further assigned to users in
    Comment: the RIPE NCC region. Contact information can be found in
    Comment: the RIPE database at http://www.ripe.net/whois
    RegDate:
    Updated: 2004-03-16
    # ARIN WHOIS database, last updated 2005-02-08 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

Going back to the original header, I checked 172.216.196.110, the apparent sender of this e-mail. This is what came up.

    02/09/05 20:18:12 IP block 172.216.196.110
    Trying 172.216.196.110 at ARIN
    Trying 172.216.196 at ARIN
    OrgName: America Online
    OrgID: AOL
    Address: 22000 AOL Way
    City: Dulles
    StateProv: VA
    PostalCode: 20166
    Country: US
    NetRange: 172.192.0.0 - 172.216.255.255
    CIDR: 172.192.0.0/12, 172.208.0.0/13, 172.216.0.0/16
    NetName: AOL-172BLK-2
    NetHandle: NET-172-192-0-0-1
    Parent: NET-172-0-0-0-0
    NetType: Direct Allocation
    NameServer: DAHA-01.NS.AOL.COM
    NameServer: DAHA-02.NS.AOL.COM
    NameServer: DAHA-07.NS.AOL.COM
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 2002-02-13
    Updated: 2004-12-22
    TechHandle: AOL-NOC-ARIN
    TechName: America Online, Inc.
    TechPhone: +1-703-265-4670
    TechEmail: domains@aol.net
    OrgAbuseHandle: AOL382-ARIN
    OrgAbuseName: Abuse
    OrgAbusePhone: +1-703-265-4670
    OrgAbuseEmail: abuse@aol.net
    OrgNOCHandle: AOL236-ARIN
    OrgNOCName: NOC
    OrgNOCPhone: +1-703-265-4670
    OrgNOCEmail: noc@aol.net
    OrgTechHandle: AOL-NOC-ARIN
    OrgTechName: America Online, Inc.
    OrgTechPhone: +1-703-265-4670
    OrgTechEmail: domains@aol.net
    # ARIN WHOIS database, last updated 2005-02-08 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.

Notice the comment "ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE". I pinged it and as I suspected, it failed. What do you do when you get these e-mails? DO NOT DIVULGE ANY BANKING INFORMATION TO ANYONE VIA THE INTERNET. Also, notice the e-mail address abuse@aol.com. Most ISPs provide this for people to let them know that users are breaking their TOS (Terms of Service). I forwarded the above to AOL. Let's see what reply I get.
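The checks made by hand above can be run over the raw message. This is an added Python example, not part of the original post: it flags the Yahoo claim arriving from an AOL host with no DomainKeys signature, and it undoes the invisible right-to-left override characters (U+202E ... U+202C) that scramble the body in the message source. The sample is constructed from the message quoted above, the function names are illustrative, and treating `domainkeys=pass` as the value for a verified signature is an assumption.

```python
import re
from email import message_from_string

RLO, PDF = "\u202e", "\u202c"  # right-to-left override / pop directional formatting
BIDI_CONTROLS = re.compile("[\u200e\u200f\u202a-\u202e\u2066-\u2069]")

# Constructed sample: headers as quoted in the post, body cut to its greeting,
# with the invisible override characters written as escapes.
SAMPLE = (
    "Authentication-Results: mta169.mail.dcn.yahoo.com from=yahoo.com; "
    "domainkeys=neutral (no sig)\n"
    "Received: from 172.216.196.110 (HELO ACD8C46E.ipt.aol.com) (172.216.196.110) "
    "by mta169.mail.dcn.yahoo.com with SMTP; Wed, 09 Feb 2005 13:54:50 -0800\n"
    "Subject: Your Bank Card Linking To frannyward@yahoo.com\n"
    "\n"
    "De\u202era\u202c Yah\u202e!oo\u202c M\u202erebme\u202c,\n"
)

def visible_text(text):
    """Text as a bidi-aware viewer shows it: each RLO...PDF run reversed.
    Handles only the flat, non-nested runs seen in this message."""
    flipped = re.sub(RLO + "(.*?)" + PDF, lambda m: m.group(1)[::-1], text)
    return BIDI_CONTROLS.sub("", flipped)

def in_domain(host, domain):
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return (findings, readable_body) for one raw message."""
    msg = message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    claimed = re.search(r"from=([\w.-]+)", auth)
    helo = re.search(r"HELO ([\w.-]+)", msg.get("Received", ""))
    body = msg.get_payload()
    findings = []
    # Assumption: a verified signature is reported as "domainkeys=pass".
    if "domainkeys=pass" not in auth:
        findings.append("no valid DomainKeys signature")
    if claimed and helo and not in_domain(helo.group(1), claimed.group(1)):
        findings.append(f"claims {claimed.group(1)} but sent from {helo.group(1)}")
    hidden = len(BIDI_CONTROLS.findall(body))
    if hidden:
        findings.append(f"{hidden} hidden bidi control characters in body")
    return findings, visible_text(body)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Keyword filters that scan the raw source see "De", "ra", "Yah", "!oo" rather than "Dear Yahoo!", which is why normalizing the body before matching matters.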

8 comments:

  1. Just wanted to drop a quick note and say thank you. I just received the same exact message in my email today. Normally I click happily away on the 'delete' key, but the 'your bank card linking' raised an eyebrow.

    When an email arises that I'm uncertain of its origins, I always google the subject line to see if anything suspicious comes up. 9 times out of 10, it answers everything I need to know and then some. And, lo and behold, a search for 'your bank card linking' pulled up this post. So thank you! :)

    *Not posting as 'Anonymous' exactly, I just don't have a blogger on here. Email is madelinekrieger@yahoo.com

    Regards,
    Madeline

  2. I got two of these too, just for double the pleasure! It definitely is different from most scam emails, if you view the source they use all sorts of weird symbols to assemble the message.

  3. I had the same problem.. It seems the Russian/Soviet spam artists are hard at work trying to rip off unsuspecting Americans.

    And to think that the Cold War is over.. Well it isn't. Only the game has changed from chess to checkers.

    I don't trust anyone, let alone foreigners. I propose that our President get tough on these people who prey on us using the internet as a medium.

    I will post any other information relative to this subject when I receive it. It's time we look out for each other!

  4. Hi,
    I was looking for the local news and found you just below it. I like what I have read so far and I have to say I agree with most if not all of your postings. I am currently stuck on the other side of the world. I do want to comment on your KBR post. Many forget that they were big in Vietnam also. Keep up the good work.

  5. You should have known it was a scam the very second they asked you for your account number and pin. Never give that information out no matter who they claim to be.

  6. well fran you really did a number on this guy, my computer is useless thanx to you or whoever is tampering with it, either way i have called the 703 number and got nothing except rudeness, are you masquerading as a scam, because your aol address is not known by aol or microsoft, i wonder why people like you do these things, whatever your intent, sooner or later the truth comes out

  7. flyhg@aol.com said...

    "well fran you really did a number on this guy, my computer is useless thanx to you or whoever is tampering with it"

    You got to be kidding.. You're either a spammer yourself, or a NooB.


Feel free to post your thoughts... Try to keep it clean.