Be on the lookout for Steam-spoofed e-mail.

Steam is an online community that lets players purchase, download and play thousands of games from any computer. Players can also chat with other players over a microphone while gaming.

There is now an e-mail claiming to be from Steam Support, stating that free games are available and that, to claim the offer, the recipient simply clicks on the provided link to activate it.

The link points to a possibly hacked website: steampowered.countryplans.com

Registrant:
   CountryPlans LLC
   5010 Inglewood Dr.
   Langley, Washington 98260
   United States

   Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
   Domain Name: COUNTRYPLANS.COM
      Created on: 02-Aug-97
      Expires on: 01-Aug-13
      Last Updated on: 26-Mar-10



The e-mail purports to come from PayPal (updates-int@paypal.net) and carries an attachment, "Restore_your_account_PayPal.html", about 10.3KB in size. The e-mail itself originated from Korea (ne07.tt.co.kr [211.47.69.62]).

It states:

Dear PayPal account holder,

PayPal is constantly working to ensure security by regularly screening the accounts in our system. We have recently determined that different computers have tried logging into your PayPal account,and multiple password failures were present before the logons.

Until we can collect secure information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

Download and fill out the form to resolve
the problem and then log into your account.

Thanks ,
PayPal

If they have access to my account information, would the e-mail not have greeted me by name? This is by far the weakest of the spoofed e-mails involving PayPal. It has neither the standard legal disclaimer nor the security statement, the things that would make it more believable.



Be on the lookout for fake Facebook e-mail notifications telling you that someone is looking for you. The spoofers used the 'notoficationsfacebook' handle in the e-mail address, notoficationsfacebook @ myfisrstphotoinc.com. The mail item originated from illimail.com (75.126.156.14), a domain currently hosted on godaddy.com.

The e-mail boils down to you clicking on a link that's provided within the e-mail which points to:

http://facebook-rplymsgsimm.ahlamoontada.com/h7-page

Now ahlamoontada.com is a domain hosted on the same IP address by the same domain company. There are two additional IP addresses associated with ahlamoontada.com (74.86.145.74 and 74.86.145.73).

Beware of email claiming to come from American Express warning you that your information is not complete.

The link provided in the e-mail actually points to a website (chinacdc.cn) owned by the Chinese Domain Registry.
Be on the lookout for "Password Successfully Changed" e-mails that claim to come from Skype. The message looks slightly authentic, but there is one gotcha that makes everything suspicious: a salutation that is missing your name.

All the links point to a non-Skype IP address owned by HostDime.com, Inc. (72.29.83.6), and specifically to a user account, "~jasonmou".
A day after I received my Distinguished Professionals Online invite e-mail, I got another invite from the National Alliance of Male Executives. The click-through link points to http://www.newjobclassifieds.com/ but that website shows the default CentOS Apache 2 Test Page. This domain is registered with the same domain name registrar as http://www.careertipstoday.com, the one hosting Distinguished Professionals Online.

Dear Wu, John,

We are excited to offer you an extraordinary opportunity to take part in a complimentary listing in N.A.M.E. --- National Alliance Of Male Executives.

N.A.M.E. is a unique on-line community providing a premium service and forum for business and social Networking, discounts on Activities, Marketing solutions and Entertainment services.

We recognize male executives who have achieved professional success as well as those looking to further their career, expand their business opportunities and enjoy the finer things in life.

Our mission is to make your life easier by providing business, recreational and personal services.

As a member you can look forward to being featured among other like-minded executives and professionals as well as us providing you with the quality service you deserve.

Why spend hours searching other websites when you can use ours in just minutes?

Please click here to get started.

We look forward to accommodating you in the near future.

Sincerely,
Michael Wahl
Vice President, Public Relations


N.A.M.E
P.O. Box 235
Oyster Bay, NY 11771
USA


Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please delete the communication and unsubscribe from the mailing using the options available in this email.

To remove yourself from future mailings, please visit here to use our automated removal system. You will be removed from our mailing database within seven (7) days. 

Thanks

Domain Name:     newjobclassifieds.com
Registrar:       Name.com LLC

Protected Domain Services Customer ID: NCR-2960246

Expiration Date: 2011-12-05 04:46:28
Creation Date:   2010-12-05 04:46:28

Name Servers:
        ns1.newjobclassifieds.com
        ns2.newjobclassifieds.com

REGISTRANT CONTACT INFO
Protected Domain Services - Customer ID: NCR-2960246
P.O. Box 6197
Denver
CO
80206
US
Phone:         +1.7202492374
Email Address: newjobclassifieds.com@protecteddomainservices.com

Apparently, all my time and efforts on the IntraWeb have gotten me chosen as a potential candidate to represent my professional community in the 2011 Edition of "Distinguished Professionals Online". Okay, definitely not legit. You have to send them money.

Dear John,

You were recently chosen as a potential candidate to represent your professional community in the 2011 Edition of Distinguished Professionals Online.

We are pleased to inform you that your candidacy was formally approved January 24th, 2011. Congratulations.

The Publishing Committee selected you as a potential candidate based not only upon your current standing, but focusing as well on criteria from executive and professional directories, associations, and trade journals. Given your background, the Director believes your profile makes a fitting addition to our publication and our online network.

There is no fee nor obligation to be listed. As we are working off of secondary sources, we must receive verification from you that your profile is accurate. After receiving verification, we will validate your online listing within 7 business days.

Once finalized, your listing will share prominent registry space with thousands of fellow accomplished individuals across the globe, each representing accomplishment within their own geographical area.

To verify your profile and accept the candidacy, please visit here. Our registration deadline for this year's candidates is February 20th, 2011. To ensure you are included, we must receive your verification on or before this date. On behalf of our Committee I salute your achievement and welcome you to our association.

Sincerely,
Robert Patterson
Vice President, Research Division

Distinguished Professionals Online
26 Bond Street
Westbury, NY 11542, USA


Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please delete the communication and unsubscribe from the mailing using the options available in this email.

To remove yourself from future mailings, please visit here to use our automated removal system. You will be removed from our mailing database within seven (7) days.

Thanks

Domain Name:     careertipstoday.com
Registrar:       Name.com LLC

Protected Domain Services Customer ID: NCR-2960243

Expiration Date: 2011-12-05 04:46:26
Creation Date:   2010-12-05 04:46:26

Name Servers:
        ns1.careertipstoday.com
        ns2.careertipstoday.com

REGISTRANT CONTACT INFO
Protected Domain Services - Customer ID: NCR-2960243
P.O. Box 6197
Denver
CO
80206
US
Phone:         +1.7202492374
Email Address: careertipstoday.com@protecteddomainservices.com


Socially sharing knowledge has proven to come back to bite users in the proverbial butt, well, in this case, me. It wasn't a total success in duping me, but the fact remains that the information I shared has come back to me. This one comes from sharing your Netflix movie rentals with the public in trying to make friends with the same taste in movies. Spoofers have taken this public information and fashioned an e-mail to take on the form of a 'reported missing movie disc' notification. This would have been a very convincing e-mail, but there were some mistakes.

You should examine the various links embedded in the e-mail; in this e-mail they all point to http://kimian.net/1.html ... not http://www.netflix.com . Never click on any of the links provided in an e-mail if you have any suspicion about its origin; always go to the site directly by manually typing the URL.
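The link check described above can be automated. The following is an added example, not part of the original post: it extracts every link from an HTML message body and flags those whose host is not under the brand's real domain, which also catches the brand-as-subdomain pattern seen in the Steam and Facebook e-mails on this page. The names `LinkCollector`, `host_belongs_to` and `audit_links` are hypothetical, and the suffix comparison assumes the caller supplies the brand's registered domain.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_belongs_to(host, brand_domain):
    # Compare the right-hand side only: a brand label elsewhere in the host proves nothing.
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def audit_links(html_body, brand_domain):
    """Return [(href, [reasons])] for links that do not lead to brand_domain."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue
        host, reasons = parts.hostname or "", []
        if not host_belongs_to(host, brand_domain):
            reasons.append("host is not under " + brand_domain)
            if brand_domain.split(".")[0] in host:
                reasons.append("brand name appears as a label on another domain")
        # Visible text that is itself a URL or host name, naming a different host.
        if "." in text and " " not in text:
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown != host:
                reasons.append("visible text shows " + shown)
        if reasons:
            findings.append((href, reasons))
    return findings

# Constructed sample body; only the kimian.net URL is taken from the post.
SAMPLE = ('<p><a href="http://kimian.net/1.html">www.netflix.com</a> '
          '<a href="http://www.netflix.com/Queue">Your Queue</a></p>')
```

Calling `audit_links(SAMPLE, "netflix.com")` reports only the kimian.net link; the same function run against `steampowered.com` flags `steampowered.countryplans.com` because the brand appears only as a subdomain label.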


The popular file-sharing service, YouSendIt, has been spoofed by attackers looking for unsuspecting recipients to open the zip file that's sent as an attachment. The file is named 'YouSendIt_reader.zip' and it's about 10.3KB in size.

<Some Name> has sent you the following via YouSendIt

File attached to this letter.

YouSendIt, Inc. | Privacy Policy
1919 S. Bascom Ave., Campbell, CA 95008

The service, YouSendIt, is the FTP alternative.  Rather than having someone download the file via FTP (username/password), the owner of the file would simply upload the file to the server and, from there, he or she can have the service simply email the file to one or more email recipients.

YouSendIt has close to 12 million users with more than 15 million transfers monthly across 220 countries and is the solution of choice for businesses and independent professionals alike -- the latter including creative designers, photographers, business consultants and media producers. Over 10,000 corporate users from companies including Levi's, Ritz Camera, Vmware, Salesforce, Reuters and Kelly-Moore Paints rely on YouSendIt for the secure delivery of their time sensitive data.



Excess Maximum Return Capital Profit (EMRCP) Project would like to help you achieve this goal for the benefit of both. Yup, that's the e-mail I got today from someone claiming to be part of the EMRCP Project.

Please review the attached copy of the detail and advise on how we can achieve this goal for the benefit of both.
As promised, there was a supposed document attached to this e-mail, labeled "THE DETAIL.doc" and about 25.0KB in size. The nature and intent of the payload are currently unknown, but you don't click on it on a whim to find out.

