Kuro5hin.org: technology and culture, from the trenches
Anatomy of an embryonic identity-theft-by-email

By circletimessquare in Internet
Wed Aug 13, 2003 at 05:53:28 AM EST
Tags: Help! (Ask Kuro5hin) (all tags)

I would like to inform Kuro5hin of an identity thief-by-email I seemed to have caught. The question is, what should I do? I have informed Yahoo, but have received a simple form letter in return. This guy is definitely plaguing other users of Yahoo, as his email was flagged as bulk from Yahoo's own email services, indicating that he is spamming many Yahoo users.

I thought informing Kuro5hin would be a good start, as I do not know where else to get the word out. And if anyone knows of another way I can get the word out, please tell me, as this is no joke. I have been on Kuro5hin for awhile, and written a number of stories. This is the real deal. Warn any less savvy Yahoo users you know please.


This morning I received an email that I will try to recreate, fully knowledgeable that much of the header information may be forged. Additionally, my own Yahoo ID is blocked out by me like this: XXXMYYAHOOIDXXX.

Here is the text (originally HTML, including impressive graphics):

Dear Yahoo! User,
We encountered a billing error when attempting to renew your Yahoo! service. This type of error usually indicates that either the credit card you have on file has expired or that the billing address we have is not current.
This is your final notice. Please take a moment to update your credit card information by clicking here and submitting your information.
Please note that we will attempt to renew your service five days from today. If we are still unable to charge your credit card at that time, your service will be terminated.
Sincerely,
Yahoo! Billing Department

Here is the header information:

X-Apparently-To: XXXMYYAHOOIDXXX@yahoo.com via 216.136.131.210; Mon, 11 Aug 2003 06:45:03 -0700
X-YahooFilteredBulk: 218.109.180.160
Return-Path:
Received: from 218.109.180.160 (HELO d60-66-218.try.wideopenwest.com) (218.109.180.160)
by mta154.mail.sc5.yahoo.com with SMTP; Mon, 11 Aug 2003 06:45:02 -0700
Date: Mon, 11 Aug 2003 22:49:26 +0000
From: Billing
Subject: Request For Updated Information, XXXMYYAHOOIDXXX 735
To: XXXMYYAHOOIDXXX
References:
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit

The link in the email above goes here:
http://www.yahoo-wallet.com/

The text on that link as of right now:

We encountered a billing error when attempting to renew your Yahoo! service. This type of error usually indicates that either the credit card you have on file has expired or that the billing address we have is not current.
Please take a moment to update your credit card information by filling in the form below.
Your E-Mail:
Password:
First Name:
Last Name:
ZIP:
Check or Credit Card #:
Expiration Date:
Check/ATM PIN:
Information transmitted using 128bit SSL encryption.
Please note that we will attempt to renew your service five days from today. If we are still unable to charge your credit card at that time, your service will be terminated.

There is NO SSL on this page. This is what set off my alarm bells. And the URL as you can see is questionable. The email header information is very specious as well.

I looked at the page source, it is thus (changed the html greater than/ less than symbols):

(title)(title)(frameset border=0 rows = "1,*")
(frame src="empty.asp")
(frame src="http://211.105.95.214/ult" name="main")
(/frameset)

If you go into a browser and navigate to the IP address listed in the frame in the code above, http://211.105.95.214/ult, you get a quasi-reverse domain lookup, and you'll notice it resolves to: http://hardrape.net/ult/

Hard Rape indeed.

Less savvy users will notice none of these things.

I went to http://www.dnsstuff.com/ and typed in the 211.105.95.214 IP address and got the following information (http://www.dnsstuff.com/tools/whois.ch?ip=211.105.95.214):

PLEASE NOTE THAT THESE MAY BE VICTIMS OR UNWITTING DUPES AS WELL AS NOT THE ORIGINAL PERPS.

WHOIS results for 211.105.95.214
Generated by www.DNSstuff.com
Country: KOREA-KR
ARIN says that this IP belongs to APNIC; I'm looking it up there.
APNIC says that this IP belongs to KRNIC; I'm looking it up there.
query: 211.105.95.214
# ENGLISH
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information.
IP Address : 211.105.92.0-211.105.95.255
Network Name : KORNET-XDSL-KOYANG
Connect ISP Name : KORNET
Connect Date : 20000220
Registration Date : 20010604
[ Organization Information ]
Orgnization ID : ORG201746
Org Name : KOYANG NODE
State : KYONGGI
Address : 1010 MADUDONG ILSANKU KOYANGSI
Zip Code : 411-350
[ Admin Contact Information]
Name : GilSoon Park
Org Name : KOREA TELECOM
State : SEOUL
Address : 128-9 Youngundong Chongroku
Zip Code : 110-460
Phone : +82-2-747-9213
Fax : +82-2-766-5901
E-Mail : gspark@kornet.net
[ Technical Contact Information ]
Name : Won Kang
Org Name : KOREA TELECOM
State : SEOUL
Address : 128-9 Youngundong Chongroku
Zip Code : 110-460
Phone : +82-2-747-9213
Fax : +82-2-766-5901
E-Mail : ip@ns.kornet.net

According to networksolutions.com whois, yahoo-wallet.com IS NOT YAHOO, but the person below:

PLEASE BE AWARE THAT THIS PERSON MAY BE A VICTIM OR DUPE AS WELL, AND NOT THE PERP.

yahoo-wallet.com Back-order this name
Registrant:
Dank, Richard (GZYBRRKIQD)
65 Chenango dr
Jericho, NY 11753
US
Domain Name: YAHOO-WALLET.COM
Administrative Contact:
Dank, Richard (35430048P) dirk0p@gmx.net
65 Chenango dr
Jericho, NY 11753
US
5164596167
Technical Contact:
Network Solutions, Inc. (HOST-ORG) namehost@WORLDNIC.NET
21355 Ridgetop Circle
Dulles, VA 20166
US
1-888-642-9675 fax: 123 123 1234
Record expires on 14-Jun-2004.
Record created on 14-Jun-2003.
Database last updated on 11-Aug-2003 14:11:03 EDT.
Domain servers in listed order:
NS.DYNU.COM 198.144.7.114
NS1.DYNU.COM 204.246.72.17

I am pretty sure that I have an embryonic identity thief here. Kuro5hin, what else should I do besides contacting Yahoo?
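The checks the post walks through by hand (bulk flag, header timestamps, link domain, framed IP address) can be scripted for triage. The following is an added example, not part of the original post; the function names, the one-hour skew threshold and the `yahoo.com` brand domain are assumptions, and the header excerpt and URLs are copied from the post.

```python
import ipaddress
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Excerpt of the headers reproduced in the post. The Received continuation
# line is indented here so that it parses as one folded header.
RAW_HEADERS = """\
X-Apparently-To: XXXMYYAHOOIDXXX@yahoo.com via 216.136.131.210; Mon, 11 Aug 2003 06:45:03 -0700
X-YahooFilteredBulk: 218.109.180.160
Received: from 218.109.180.160 (HELO d60-66-218.try.wideopenwest.com) (218.109.180.160)
 by mta154.mail.sc5.yahoo.com with SMTP; Mon, 11 Aug 2003 06:45:02 -0700
Date: Mon, 11 Aug 2003 22:49:26 +0000
Subject: Request For Updated Information, XXXMYYAHOOIDXXX 735

"""

# The link in the mail body and the frame source found behind it (from the post).
POST_URLS = ["http://www.yahoo-wallet.com/", "http://211.105.95.214/ult"]

RECEIVED_RE = re.compile(r"from\s+\S+\s+\(HELO\s+([^)]+)\)\s+\(([0-9.]+)\)")


def parse_date(value):
    """Parse an RFC 2822 date; return an aware datetime or None if unusable."""
    try:
        parsed = parsedate_to_datetime(value.strip())
    except (TypeError, ValueError, AttributeError):
        return None
    # "-0000" dates come back naive; treat them as UTC so they can be compared.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def received_info(msg):
    """Return (helo_name, connecting_ip, receipt_time) from the topmost
    Received header, the one stamped by the recipient's own mail server."""
    top = (msg.get_all("Received") or [""])[0]
    match = RECEIVED_RE.search(top)
    helo, ip = match.groups() if match else (None, None)
    stamp = top.rsplit(";", 1)[-1] if ";" in top else None
    return helo, ip, parse_date(stamp)


def classify_host(url, brand_domain):
    """Compare a URL's host with the domain the mail claims to come from."""
    host = (urlparse(url).hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        return "raw_ip_host"          # a billing form served from a bare IP
    except ValueError:
        pass
    if host == brand_domain or host.endswith("." + brand_domain):
        return "brand_host"
    if brand_domain.split(".")[0] in host:
        return "lookalike_domain"     # brand name inside someone else's domain
    return "unrelated_domain"


def triage(raw_headers, urls, brand_domain, max_skew=3600):
    """Collect the indicators the post describes into one report."""
    msg = message_from_string(raw_headers)
    helo, ip, received_at = received_info(msg)
    claimed_at = parse_date(msg["Date"])
    skew = None
    if received_at and claimed_at:
        # Positive skew: the sender-written Date is later than actual receipt.
        skew = int((claimed_at - received_at).total_seconds())

    findings = []
    if msg["X-YahooFilteredBulk"] is not None:
        findings.append("provider_flagged_bulk")
    if skew is not None and abs(skew) > max_skew:
        findings.append("date_received_mismatch")
    for url in urls:
        verdict = classify_host(url, brand_domain)
        if verdict != "brand_host":
            findings.append(f"{verdict}:{urlparse(url).hostname}")
    return {"helo": helo, "sending_ip": ip,
            "skew_seconds": skew, "findings": findings}


if __name__ == "__main__":
    report = triage(RAW_HEADERS, POST_URLS, "yahoo.com")
    for key, value in report.items():
        print(f"{key}: {value}")
```

The connecting IP and HELO name in the report come from the header written by the receiving server, which makes them the values to include when reporting the message to the provider or the sending network.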

Anatomy of an embryonic identity-theft-by-email | 105 comments (77 topical, 28 editorial, 0 hidden)
Interesting ... (5.00 / 1) (#1)
by srutis on Mon Aug 11, 2003 at 04:28:51 PM EST

They want to know the ATM PIN .. but they do not want to know the card type ..

Assuming it's a debit-type card (5.00 / 2) (#4)
by misfit13b on Mon Aug 11, 2003 at 04:44:49 PM EST

the first four digits tell you what type of card it is.

Generally, the first digit = 4 is Visa, 5 is Mastercard and 6 is Discover.

[ Parent ]
The algorithm's kinda complicated (none / 0) (#34)
by curien on Mon Aug 11, 2003 at 07:47:07 PM EST

I once wrote a simple script for some testers at Gilbarco (a gas pump manufacturer) that identified the type of card based on the card number. There were like 32 different types of cards to identify. That was the first program I ever sold to a company.

--
John Ashcroft hates me for my freedom.
[ Parent ]
LCDA (none / 0) (#52)
by ph317 on Tue Aug 12, 2003 at 01:25:03 AM EST


There's also the Luhn Check Digit Algorithm to consider when doing a cursory check of a random CC number.  I forget the alg but I'm sure google would turn it up.  Essentially there's a built-in checksum in all CC numbers, if it comes up wrong, you've got a definite fake CC number.  Inventing numbers that have a correct checksum is a no-brainer, but at least it weeds out most typos and really stupid people typing in random numbers.

[ Parent ]
Googled (none / 0) (#58)
by Cameleon on Tue Aug 12, 2003 at 07:39:14 AM EST

For those who don't want to google, here is a good link explaining the check. More documents on the check, including source code and some other properties of credit card numbers are among the other search results.

[ Parent ]
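The Luhn check and the first-digit rule of thumb from the comments above, as an added example that is not code from any commenter. It also measures what the checksum does and does not catch: every single-digit typo is detected, but swapping an adjacent 0 and 9 is not. The card number is constructed for the example and the function names are assumptions.

```python
# Rule of thumb quoted in the thread: first digit 4 / 5 / 6.
BRAND_BY_FIRST_DIGIT = {"4": "Visa", "5": "Mastercard", "6": "Discover"}


def luhn_total(number):
    """Sum the digits right to left, doubling every second one and
    subtracting 9 when the doubled value exceeds 9."""
    total = 0
    for index, char in enumerate(reversed(number)):
        digit = int(char)
        if index % 2 == 1:
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total


def luhn_valid(number):
    """True when the string is all ASCII digits and the Luhn total ends in 0."""
    if not (number.isascii() and number.isdigit() and len(number) > 1):
        return False
    return luhn_total(number) % 10 == 0


def check_digit(payload):
    """Digit that must be appended to payload to make it Luhn-valid."""
    return str((10 - luhn_total(payload + "0") % 10) % 10)


def brand_hint(number):
    """First-digit hint only; real issuer ranges are more detailed."""
    return BRAND_BY_FIRST_DIGIT.get(number[:1], "unknown")


def missed_single_digit_typos(number):
    """Count one-digit substitutions that still pass the check."""
    missed = 0
    for pos, original in enumerate(number):
        for replacement in "0123456789":
            if replacement == original:
                continue
            candidate = number[:pos] + replacement + number[pos + 1:]
            if luhn_valid(candidate):
                missed += 1
    return missed


def missed_adjacent_swaps(number):
    """Positions where swapping two different neighbouring digits
    still passes the check."""
    positions = []
    for pos in range(len(number) - 1):
        a, b = number[pos], number[pos + 1]
        if a == b:
            continue
        candidate = number[:pos] + b + a + number[pos + 2:]
        if luhn_valid(candidate):
            positions.append(pos)
    return positions


# Constructed 16-digit sample: a 15-digit payload plus its computed check digit.
SAMPLE_PAYLOAD = "4" + "1" * 12 + "09"
SAMPLE_NUMBER = SAMPLE_PAYLOAD + check_digit(SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print(SAMPLE_NUMBER, brand_hint(SAMPLE_NUMBER), luhn_valid(SAMPLE_NUMBER))
    print("single-digit typos missed:", missed_single_digit_typos(SAMPLE_NUMBER))
    print("adjacent swaps missed at:", missed_adjacent_swaps(SAMPLE_NUMBER))
```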
Might wanna try here (5.00 / 4) (#6)
by misfit13b on Mon Aug 11, 2003 at 04:52:04 PM EST

The FTC Identity Theft site. They have a complaint form there.

thanks but (none / 0) (#8)
by circletimessquare on Mon Aug 11, 2003 at 04:59:32 PM EST

i'm not a victim, so i can't file a complaint, and i can't find on their site where i can WARN the FTC of this kind of thing that will happen soon or is happening now to other yahoo users


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Beg to Differ (5.00 / 3) (#14)
by virg on Mon Aug 11, 2003 at 05:37:13 PM EST

You say you're not a victim, but you received the email. Therefore, you can file with the FBI. Check your local FBI office, or hit their web site and file a complaint there.

Virg
"Imagine (it won't be hard) that most people would prefer seeing Carrot Top beaten to death with a bag of walnuts." - Jmzero
[ Parent ]
thanks (nt) (none / 0) (#15)
by circletimessquare on Mon Aug 11, 2003 at 05:38:22 PM EST



The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Looks oddly familiar ... (5.00 / 3) (#13)
by Simon Kinahan on Mon Aug 11, 2003 at 05:27:43 PM EST

I got an almost identical form, sent by email to my regular email address. This one claimed to be from PayPal, and used a URL-spoofing trick to make sure the "submitted" page also had a PayPal-like URL (I didn't submit anything - I poked around in the HTML source). It was pretty convincing, right down to copying PayPal's HTML style - but it was the sheer volume of info requested (CC number, PayPal password, *and* ATM pin ?) that made me very suspicious. That seemed to have come from somewhere in Germany. I submitted it to PayPal, but they don't seem to care much.

Obviously someone is sending these cons out in bulk, masquerading as coming from various reputable web companies, relying on the fact that out of a few hundred thousand recipients, one or two will fall for it.

Simon

If you disagree, post, don't moderate

Past experience (5.00 / 10) (#18)
by onyxruby on Mon Aug 11, 2003 at 06:09:39 PM EST

I have some experience that parallels what you're dealing with and can tell you some. I used to have to deal with this kind of thing for a living back when I was a skip tracer. I was one of the two people in the (rather large well known) company that was authorized to handle large balance accounts. Large balance accounts were the accounts that had at least $5,000 on them, typically starting at about $8,000. Working accounts that had balances up into six figures was part of what I did on a daily basis.

In other words, what I'm trying to say is that I was one of those people that discovered and dealt with a lot of identity theft. I've told more people than I can remember that they had been victimized. Funny thing was, looking at the CBR's (Credit Bureau Reports) I could usually tell if there was a case of identity theft within half a minute. (Makes me wonder why automated software for approvals doesn't find more of them). Tracking people down who are victims is easy, tracking down the perpetrators is often not very difficult. The hard part is getting anybody to do anything about it.

Certain thresholds for damages have to be exceeded in order for law enforcement to get involved. I don't recall the exact thresholds off the top of my head, but it's usually at least $5,000. A person who gets nailed for a few hundred bucks is going to be lucky to get a police report taken. A person who gets taken for a few grand will soon discover that the credit companies have no interest in pursuing their case. Get taken for $20,000 (if memory serves) and your case gets taken by the Secret Service. Most people don't realize that the Secret Service handles financial crimes, counterfeiting and the like, not the FBI. Providing information to the Secret Service and alerting them to the crime was something I did routinely.

Sometimes if our fraud wasn't enough for the threshold I'd call up contacts at other institutions and see if they'd cooperate with me on the matter. Why the minimum? Simple really, identity theft is so common that if they pursued anything but the worst offenders they'd be overwhelmed. Think of this as being something like a back door that everybody knows about, and nobody can afford to fix.

If you can show enough damages to get their attention, chances are pretty good that something will happen to the perpetrator. It's getting their attention that is difficult. Remember the credit companies will almost always prefer to take a "loss" to pursuing legal action. It's not worth their time or money to pursue most cases. Frankly, they don't want the publicity of their name being associated with fraud / crime.

In your case you're dealing with crimes in the making, not yet people who have been duped. If you could trace it back and see where it goes you would stand a chance of finding victim names. If you could discover victims and do enough research to show that they have met the current thresholds for the Secret Service to pursue, you could get them on the case. You could always try to tip them off, but you'll never know if your tip did anything or not. If they can't afford the resources to pursue it, they don't want someone to know this, and if they can, they aren't going to risk jeopardizing an active investigation.

I could put down a lot more about identity theft here, but this post is long as it is, so ask specific questions if you have them.

The moon is covered with the results of astronomical odds.

I sentence you to 3 hours of community service! (5.00 / 1) (#73)
by jabber on Tue Aug 12, 2003 at 03:13:19 PM EST

I'd be very interested in reading an article about your experience, with any tips you might have for avoiding the problem in the first place.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"
[ Parent ]

Reports (4.66 / 3) (#19)
by Zombie Uday Hussein on Mon Aug 11, 2003 at 06:15:15 PM EST

First contact whoever is responsible for d60-66-218.try.wideopenwest.com, that is where the e-mail came from and it's most likely an open proxy.

Contact Joker.com and get the domain registration pulled for hardrape.net. Contact ns-hoster.com for serving DNS for hardrape.net. Contact the Korean contact and report the web server 211.105.95.214, and also contact DYNU.com for serving DNS for yahoo-wallet.com, and Verisign for registering yahoo-wallet.com.

And of course, Yahoo and the feds.

I voted this down because this happens ALL the time. It's taken more seriously than spam, but it is nothing out of the ordinary. More serious is when someone breaks into the DNS of an ISP and redirects requests for a site like eBay or Paypal.

--
not ZOMBIE turkey. just turkey. maybe a little mayo.

my policy (3.00 / 4) (#21)
by circletimessquare on Mon Aug 11, 2003 at 06:23:00 PM EST

is that if a story elicits a reply from me, it deserves +1 fp, no matter what i think of the story

this is because i vote a story based on the discussion it provokes, and nothing else

i honestly think my policy is better than yours, as you have replied to my story, yet voted it down

this does not make any sense to me

vote it up and reply

or vote it down and don't reply

anything else seems hypocritical to me


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

I disagree. (5.00 / 3) (#35)
by ZorbaTHut on Mon Aug 11, 2003 at 07:49:25 PM EST

Sometimes a story's terrible, but I feel the need to respond anyway. Often such responses are of the form "this story is terrible and here's why". Occasionally they aren't. I rate stories based partially on whether it's a good story and based partially on whether it's likely to spawn good conversation. Thus, a perfectly-written abortion-related rant gets a -1 because we've heard it all before, while an amusing obvious troll attempt gets a +1fp because it's just so funny and will spawn great comments (and because it won't get on the front page anyway, no matter what I vote :P)

This story is boring to me. I've seen it before, I know it happens, and the comments are dull beyond all reason. -1, despite the fact that I commented.

[ Parent ]

i think you're a hypocrite (nt) (1.00 / 1) (#48)
by circletimessquare on Mon Aug 11, 2003 at 10:45:31 PM EST



The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Agreed. (none / 0) (#60)
by GRiNGO on Tue Aug 12, 2003 at 07:47:18 AM EST

This is why I think you should not be able to comment on stories in the queue, except those in edit... and those should be editorial comments only. Quite how you would stop people abusing the editorial comments though, I don't know...

--
"I send you to Baghdad a long time. Nobody find you. Do they care, buddy?" - Three Kings


[ Parent ]
this is a first time id theft attempt for me (nt) (none / 0) (#22)
by circletimessquare on Mon Aug 11, 2003 at 06:29:50 PM EST



The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Dank, Richard (GZYBRRKIQD) (4.00 / 2) (#20)
by kpaul on Mon Aug 11, 2003 at 06:20:25 PM EST

Dick Dank, eh?

seriously, shouldn't there be a scam site or something that informs people? get the word out. i don't know. will be interesting to see people's comments...


2014 Halloween Costumes

a commentary on your sig (in agreement) (none / 0) (#29)
by circletimessquare on Mon Aug 11, 2003 at 07:24:04 PM EST

http://www.kuro5hin.org/comments/2003/7/24/05621/1813/4#4


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Yeah. (none / 0) (#100)
by SPYvSPY on Thu Aug 14, 2003 at 11:06:41 AM EST

Isn't that the guy from The Band? Or is that guy dead now? I'm sure he needs the money by now, unless he's dead, in which case (if you believe what you read around here) he's apparently aiming for brain-eating opportunities.
------------------------------------------------

By replying to this or any other comment in this thread, you assign an equal share of all worldwide copyright in such reply to each of the other readers of this site.
[ Parent ]

Did you call the phone number? (3.75 / 4) (#23)
by egg troll on Mon Aug 11, 2003 at 06:29:59 PM EST

Did you see if Mr Dank's phone number was valid? I'd be interested to know the results of that.

He's a bondage fan, a gastronome, a sensualist
Unparalleled for sinister lasciviousness.

i doubt if he exists (5.00 / 1) (#24)
by circletimessquare on Mon Aug 11, 2003 at 06:37:53 PM EST

i called the 516 number (with *67 to block my id)

some guy answered

not richard dank

not in jericho

private cell phone number

maybe it's the perp, maybe it's a dupe

sounded quite helpful actually

maybe i should call him back and tell him what his phone number is attached to


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

i called him back (5.00 / 3) (#25)
by circletimessquare on Mon Aug 11, 2003 at 06:42:31 PM EST

told him yahoo-wallet.com was registered with his phone number attached

he told me he would look into it and appreciated the call

didn't sound surprised or confused at all

i don't know who the guy was (i think i heard him answer the call with "walt"), but based on his blase demeanor, he could be the fucking perp! ;-P


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

told him it was an id theft scam too (nt) (none / 0) (#26)
by circletimessquare on Mon Aug 11, 2003 at 06:43:07 PM EST



The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Did he casually ask you about your PIN? :) /nt (5.00 / 1) (#88)
by laotic on Wed Aug 13, 2003 at 05:13:12 PM EST


Sig? Sigh.
[ Parent ]
...know what? (3.00 / 3) (#37)
by SaintPort on Mon Aug 11, 2003 at 08:06:22 PM EST

you're alright.

I appreciate the info and the way you presented it.

+1 FP!

<><
  your friendly neighborhood fundamentalist.


--
Search the Scriptures
Start with some cheap grace...Got Life?

well, duh. (4.25 / 4) (#39)
by reklaw on Mon Aug 11, 2003 at 08:29:16 PM EST

This happens all the time.

I've seen PayPal and AOL versions of pretty much the same thing -- if you've ever seen AOL's email screen, it has a big warning telling you to never give out any AOL account details by e-mail because of exactly this kind of thing (or it did last time I saw it anyway).

The PayPal version was actually quite good. It had every appearance of really being from PayPal -- forged headers to make it look like it came from an actual PayPal email address, a perfect copy of the PayPal design. What's more you'd never realise that it could transmit info to anyone but PayPal unless you knew enough to look at the HTML source of the mail and see that the submit button actually posted your info to someone else's php page. Wish I'd kept it somewhere, actually. It was impressive.

But anyway, you won't save people from identity theft of this type any more than you'll stop them from responding to spam or work-from-home scams. Just delete it and move on -- warn your friends and family to NEVER enter sensitive information (including passwords) in an email form or even on a form page linked from an email (when would you ever really need to do that?). Keeping their wits about them would be good too -- the excuses to get your details are usually quite obvious, the most common one being that the site has had a technical error and lost them in some way. There'll also be some sort of time-related threat attached to stop them from delaying and thinking before responding.

Really, though, I just find it hard to have any sympathy for people who'd fall for something like this. It's pretty obvious, and most companies with any real presence on the Internet go out of their way to warn their customers about it. What can you do if people don't listen?
-

I got that one once (none / 0) (#46)
by zrail on Mon Aug 11, 2003 at 10:12:06 PM EST

I didn't save it either, but the thing that tipped me off was that I had never registered that email account with PayPal. Kinda curious, no? Took a look at the source and, sure enough, it didn't submit to PayPal at all.

[ Parent ]
Oddly enough... (none / 0) (#47)
by reklaw on Mon Aug 11, 2003 at 10:21:34 PM EST

...I got it a few days after I first registered with PayPal. That was what threw me for like the first ten seconds, until I'd thought it through.
-
[ Parent ]
Me too! (none / 0) (#77)
by it certainly is on Wed Aug 13, 2003 at 07:15:34 AM EST

I'll agree, it certainly does look like PayPal. However:
  • Would PayPal really ask people to provide information in an HTML email form? No, they would ask people to log in to their SSL secured site at www.paypal.com first.
  • Given that Paypal already know what my full name, credit card number and expiry date is, they would not ask me for it to "verify I'm still active", especially not in an email.
  • PayPal would NEVER ask me for an ATM PIN number. They have absolutely no need for it. I don't even need it to sign up.
How could anyone be scammed by that? Surely the criminals would prefer not to be so obvious, to get a few more results.

kur0shin.org -- it certainly is

Godwin's law [...] is impossible to violate except with an infinitely long thread that doesn't mention nazis.
[ Parent ]

Virus (5.00 / 1) (#43)
by epcraig on Mon Aug 11, 2003 at 08:45:21 PM EST

It's a virus, which propagates via a dictionary attack, and it mis-identifies its origin as admin@your_ISP.com
There is no EugeneFreeNet.org, there is an efn.org
Re: Virus (none / 0) (#70)
by elemental on Tue Aug 12, 2003 at 01:42:43 PM EST

I don't think so. The virus you're thinking of (W32.Mimail.A@mm), has a .zip file attached that contains the payload. This looks like a run-of-the-mill phisher scam, the kind that have been going around for years. All major ISPs have been targeted at one time or another, as well as Amazon, Ebay, Paypal, etc. The intention of this is to collect passwords and credit card numbers.

--
I love my country but I fear my government.
--> Contact info on my web site --


[ Parent ]
it's cases like these... (4.00 / 8) (#45)
by rmg on Mon Aug 11, 2003 at 09:47:20 PM EST

where we should just let nature take its course.

do not fight the tao. embrace it.

the flow of things is as a great river. rapid and raging.

the master does not fight the river.

the master navigates its flow skillfully.

thus he makes his way through the world.

such is the way of the master.

_____ intellectual tiddlywinks

zen and the art of email maintenance (nt) (5.00 / 5) (#50)
by circletimessquare on Tue Aug 12, 2003 at 12:50:22 AM EST



The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Yahoo Email sucks lately (none / 0) (#51)
by Mister Pmosh on Tue Aug 12, 2003 at 01:23:15 AM EST

My wife has somehow had spam sent from one of her yahoo email accounts. She definitely didn't send it, it was forged, but she got some stuff bouncing back that she didn't send, and it was ads.
"I don't need no instructions to know how to rock!" -- Carl
It's not just Yahoo (none / 0) (#55)
by fraise on Tue Aug 12, 2003 at 04:03:55 AM EST

It seems to be happening to everyone lately.

[ Parent ]
I've almost never gotten valid mail on yahoo. (5.00 / 1) (#62)
by porkchop_d_clown on Tue Aug 12, 2003 at 08:40:49 AM EST

I have a yahoo mail account as a side effect of using messenger. It regularly floods with spam, but I've never gotten a real e-mail on it.


--
His men will follow him anywhere, but only out of morbid curiosity.


[ Parent ]
Yahoo does suck... (none / 0) (#64)
by Danse on Tue Aug 12, 2003 at 11:08:36 AM EST

I get tons of spam from yahoo email addresses. It's quite annoying.




An honest debate between Bush and Kerry
[ Parent ]
That's not Yahoo! (none / 0) (#105)
by wolverine1999 on Wed Sep 17, 2003 at 02:17:00 AM EST

It isn't Yahoo! which sends the email. The spammers have a list of email addresses which they simply put in the From: field. That's all there is to it. It's difficult to prove that Yahoo! is involved somehow. It probably isn't.

[ Parent ]
let em identity steal my cash! (1.00 / 1) (#53)
by dimaq on Tue Aug 12, 2003 at 02:19:10 AM EST

not that I'm really that old-fashioned, but I know some who are!

You admit to using Yahoo email, -1. (nt) (1.00 / 6) (#54)
by hovil on Tue Aug 12, 2003 at 03:10:03 AM EST



1, tired one line brush off (4.60 / 5) (#57)
by circletimessquare on Tue Aug 12, 2003 at 07:07:49 AM EST



The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
Yahoo is great (none / 0) (#82)
by nebbish on Wed Aug 13, 2003 at 10:01:06 AM EST

Where else would I get all those fantastic septic tank offers?

---------
Kicking someone in the head is like punching them in the foot - Bruce Lee
[ Parent ]

I would... (4.66 / 3) (#59)
by GRiNGO on Tue Aug 12, 2003 at 07:39:28 AM EST

...contact The Register and maybe some other similar IT news outlets. This will help inform others of the fraud and might prove a positive step in getting it shut down.

--
"I send you to Baghdad a long time. Nobody find you. Do they care, buddy?" - Three Kings


Excellent Use of White Space on K5: +1 (FP) (4.00 / 3) (#61)
by OldCoder on Tue Aug 12, 2003 at 08:27:29 AM EST

Generally speaking, circletimesquare uses whitespace in comments more creatively than others, and is consistently literate, even when wrong on the issues. For these reasons, as well as consistent brevity, circletimesquare deserves to get a story voted up.

Oh, and the fraud reminder is a good thing too. Can't be too careful.

--
By reading this signature, you have agreed.
Copyright © 2003 OldCoder

my william shatner school of typing (5.00 / 2) (#63)
by circletimessquare on Tue Aug 12, 2003 at 09:15:13 AM EST

is a zen koan

that your simple mind

cannot grasp

like an ant

cannot grasp

the tree it lives on

;-P

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

I don't think OldCoder was being sarcastic (none / 0) (#76)
by SaintPort on Wed Aug 13, 2003 at 02:20:07 AM EST

He was being lighthearted, but he is right and he gave you +1FP.

<><

--
Search the Scriptures
Start with some cheap grace...Got Life?

[ Parent ]

as opposed to my sarcastic lightheartedness? lol (none / 0) (#89)
by circletimessquare on Wed Aug 13, 2003 at 05:15:07 PM EST

the only one not lighthearted and sarcastic in this thread right now is you friend ;-) xoxoxoxoxoxoxoxoxoxoxoxoxox

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]
HAHAHAHA: -1 (2.40 / 5) (#68)
by skyknight on Tue Aug 12, 2003 at 12:13:19 PM EST

Gimme a break... You go to a random, non-yahoo site and enter in your email address, password, credit card number and bank atm PIN?!!? pfffbtahahahahah! That is so over the top that anybody who actually provides all that information deserves to be tarred and feathered.



It's not much fun at the top. I envy the common people, their hearty meals and Bruce Springsteen and voting. --SIGNOR SPAGHETTI
the strong protect the weak, not laugh at them (4.80 / 5) (#69)
by circletimessquare on Tue Aug 12, 2003 at 12:42:31 PM EST

i guess you are not strong

don't mistake my kindness for weakness

it is always good to be charitable to those less skillful than you

your geekoid ego masturbation means nothing except you are an asshole

protect the weak, capice?

fight these id theft scum, no matter how obvious their exploits

it remains that they are id theft scum preying on the innocent, no matter how stupid you think the innocent are

some of the noobs who fall for this shit include your grandparents, your mom, your coworker at work (which affects your system)

so keep laughing nerdboy

doesn't make you cool, or even a funny jackass

just makes you a total asshole

xoxoxoxoxoxoxoxox

;-P


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

The internet isn't just for male geeks like (5.00 / 1) (#81)
by nebbish on Wed Aug 13, 2003 at 09:57:48 AM EST

Some people want to be able to use the thing without having to spend valuable drinking / fucking / clubbing time sat in with no mates reading a fucking O'Reilly book.

How little life do you have that you think other people don't have one either?

---------
Kicking someone in the head is like punching them in the foot - Bruce Lee
[ Parent ]

Actually, I don't think there is an O'Reilly book (5.00 / 3) (#83)
by skyknight on Wed Aug 13, 2003 at 10:27:45 AM EST

for this subject matter. You'd have to go to a completely different line of texts: How Not To Be A Complete Fucking Idiot™ On The Internet, For Dummies™.

The Internet is a total red herring in this matter, and thus so is your pathetic O'Reilly book joke, and the correspondingly juvenile stock-phrase "you have no life" quip. Do you assemble your insults from Mad-Libs books? It does not take any special intelligence to know not to give away my CC numbers and ATM PINs to random people, regardless of whether it's in person, over the phone, or on the Internet. Thus I have plenty of time left over to be away from my computer for drinking/fucking/clubbing, your narrow and shallow definition of "a life", as well as many other interesting things.

"Ooh! Look! Look! I flail on the dance floor, drink from the caboose of another organism, and engage in the same physical act that most wild animals manage to do within a few years of birth! I'm almost certainly a better person than skyknight, who I've never once met in real life! Dear fellow K5ers, validate me, my fragile ego and my over blown inferiority complex! I'm dying for your love!"



It's not much fun at the top. I envy the common people, their hearty meals and Bruce Springsteen and voting. --SIGNOR SPAGHETTI
[ Parent ]
hahaha (4.00 / 4) (#71)
by delmoi on Tue Aug 12, 2003 at 01:45:37 PM EST

The lack of SSL is what set off alarm bells? Not the fact that it had been flagged as bulk or that it was some random domain with the word 'yahoo' in it?
--
"'argumentation' is not a word, idiot." -- thelizman
That got me too (none / 0) (#96)
by sticky on Thu Aug 14, 2003 at 01:51:16 AM EST

Also, didn't the fact that they asked for his ATM PIN number make him a tad suspicious?  

Of course, it is CTC, so he's probably just reading comments like this and laughing.


Don't eat the shrimp.---God
[ Parent ]

Identity thieves (2.00 / 3) (#74)
by transient0 on Tue Aug 12, 2003 at 05:09:17 PM EST

identity thieves are not for catching or for turning in, they are for ignoring.

if i had a nickel for every time someone tried to steal my identity, i'd have at least a handful of nickels. And that's not even counting credit card fraud.
---------
lysergically yours

I'm all right Jack (4.00 / 4) (#79)
by synaesthesia on Wed Aug 13, 2003 at 08:29:53 AM EST

So, being internet-savvy, you happen to be able to spot this particular type of confidence trick. Woe betide you if you ever get caught out elsewhere, cause there's bound to be someone who could have spotted it, who by your logic oughtn't have tried to prevent it happening to you. "You should have just not done that!"


Sausages or cheese?
[ Parent ]
the strong protect the weak, not ignore them (2.00 / 2) (#90)
by circletimessquare on Wed Aug 13, 2003 at 07:28:34 PM EST

i guess you are not strong

don't mistake my kindness for weakness

it is always good to be charitable to those less skillful than you

your geekoid ego masturbation means nothing except you are an asshole

protect the weak, capice?

fight these id theft scum, no matter how obvious their exploits

it remains that they are id theft scum preying on the innocent, no matter how stupid you think the innocent are

some of the noobs who fall for this shit include your grandparents, your mom, your coworker at work (which affects your system)

so keep ignoring this, nerdboy

doesn't make you cool, or even a knowledgeable jackass

just makes you a total inconsiderate cynical asshole, to be proud of how much you don't care

xoxoxoxoxoxoxoxox

;-P


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

my point (none / 0) (#99)
by transient0 on Thu Aug 14, 2003 at 10:46:21 AM EST

was that the internet provides such a simple and efficient mask of anonymity that it is actually significantly less work and likely to be more effective to try and inform those who are ignorant about these kinds of schemes than it would be to try and catch these guys and put them in jail.

When my parents went on the internet, I explained the most common types of scams and schemes to them (no, you don't have to mail that guy your password, no, bill gates will not ever send you any money no matter how many times you forward that, etc.)

By doing that, I have made it so that they are much less likely to fall for such a scheme, they are healthily skeptical.

There are thousands or hundreds of thousands of internet scam artists out there and if we were trying to catch them one by one while not educating people it would take a tremendously long time to achieve the same results.

you might say that we should educate the potential victims AND try to catch the perpetrators. I say that one is so much easier and more efficient than the other, that trying to do the second is a tremendous waste of time and effort.
---------
lysergically yours
[ Parent ]

Yahoo (1.60 / 5) (#75)
by sypher on Tue Aug 12, 2003 at 05:47:55 PM EST

I have several email accounts, one at Yahoo! I use the Yahoo! to receive Spam, solicitations I don't ask for, and registration activations for forums and downloads that I do.

They have no access or knowledge of my credit cards etc. or any real data about me at all.

I would never consider giving them any money as their service is only used from time to time as a convenience they offer for free, with strings attached.

The advertising, you might be surprised to learn how much Yahoo! can know about you from these ads, but then you did read the terms of service didn't you?

You do notice the 'this page contains elements' warning don't you, or do you hide those dialogs?

At the bottom of yahoo! in some places it says: 'Yahoo! collect personal information..'

-1 for being naive. If you are too lazy to read, then it's just tough shit when this happens.

You have revealed a method for abusing yahoo!'s populace of sometime gullible people, I don't think this is a story, put it in your diary instead is my advice.

I dreamt of it once, now I fear it dreams of me

Yahoo, yourself! (5.00 / 1) (#78)
by synaesthesia on Wed Aug 13, 2003 at 08:22:50 AM EST

If you are too lazy to read

How ironic. This story has nothing to do with the personal information Yahoo collects about you. It has to do with the personal information someone pretending to be associated with Yahoo wants to collect about you.

P.S. "Solicitations I don't ask for"? That would be one of those unnecessary superfluous tautologies, no?

Sausages or cheese?
[ Parent ]

So... (4.66 / 3) (#80)
by nebbish on Wed Aug 13, 2003 at 09:52:42 AM EST

Rather than warning other people about this, circletimessquare shouldn't even mention it?

What I hate about scams like this is that my great uncle, who is in his 80s and enjoying his first steps on the information superhighway, could easily fall victim.

Presuming that everyone who uses the internet is technically aware is blinkered and naive, and sums what is wrong with the entire IT industry.

---------
Kicking someone in the head is like punching them in the foot - Bruce Lee
[ Parent ]

So... (none / 0) (#84)
by Ta bu shi da yu on Wed Aug 13, 2003 at 10:52:48 AM EST

Your great uncle, who is in his 80s and enjoying his first steps on the information superhighway, reads Kuro5hin?

Yours humbly,
Ta bù shì dà yú

---
AdTIה"the think tank that didn't".
ה
[ Parent ]

Good point (5.00 / 1) (#85)
by nebbish on Wed Aug 13, 2003 at 11:13:11 AM EST

I could have worded that better. I've sent him a copy of the email and warned him to ignore it.

---------
Kicking someone in the head is like punching them in the foot - Bruce Lee
[ Parent ]

So... (none / 0) (#93)
by circletimessquare on Wed Aug 13, 2003 at 07:38:54 PM EST

what the fuck is your point?

don't talk about id theft anywhere for any reason?

"well, it's not the right forum for total noobs"

well, who gives a fuck? it's a forum

talking about this always helps, no matter what

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

Well! (5.00 / 1) (#97)
by Ta bu shi da yu on Thu Aug 14, 2003 at 05:02:23 AM EST

Did somebody get out of the wrong side of the bed this morning?

Read what you will into my comment. Make sure you tell us all what you think I'm trying to say! I'll be sitting back watching with my bucket of popcorn, enjoying the show.

Yours humbly,
Ta bù shì dà yú

---
AdTIה"the think tank that didn't".
ה
[ Parent ]

No. (none / 0) (#98)
by synaesthesia on Thu Aug 14, 2003 at 06:42:45 AM EST

BUT I read Kuro5hin, and it made me think to send an email to my parents, just in case.

Sausages or cheese?
[ Parent ]
So, (1.00 / 1) (#86)
by cbraga on Wed Aug 13, 2003 at 11:34:11 AM EST

it's like there were no scams 50 years ago...

ESC[78;89;13p ESC[110;121;13p
[ Parent ]
Of course (5.00 / 1) (#87)
by nebbish on Wed Aug 13, 2003 at 11:50:58 AM EST

But that doesn't make this one any better, or mean people shouldn't be warned.

---------
Kicking someone in the head is like punching them in the foot - Bruce Lee
[ Parent ]

gee (3.00 / 2) (#92)
by circletimessquare on Wed Aug 13, 2003 at 07:37:38 PM EST

what a wonderful observation

who gives a fuck? doesn't change a damn thing about this issue, asswipe

The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

the strong and the weak (1.00 / 1) (#91)
by circletimessquare on Wed Aug 13, 2003 at 07:35:56 PM EST

don't mistake my kindness for weakness

it is always good to be charitable to those less skillful than you

your geekoid ego masturbation means nothing except you are an asshole, laughing at and ignoring the weak and innocent on the web

is the internet some fucking geek private club? you have to have a fucking cs degree in crypto and security before you can fucking use the internet?

that's your attitude, you arrogant elitist asshole

protect the weak, capice?

do you  hear me you fucking asshole?

THE STRONG PROTECT THE WEAK, NOT LAUGH AT THEM OR IGNORE THEM OR YELL "RTFM!"

fight these id theft scum, no matter how obvious their exploits

it remains that they are id theft scum preying on the innocent, no matter how stupid you think the innocent are

repeat: the emphasis is on the id theft scum, not the innocent who they prey on, do you understand the concept?

your attitude is akin to letting the rapist off because "well, she shouldn't have worn that skirt, obviously"

NO ASSHOLE, MAYBE THE RAPIST IS THE CULPABLE PARTY. GEE, WHAT A FUCKING CONCEPT

you are a complete and utter asshole

some of the noobs who fall for this shit include:

  1. your grandparents
  2. your mom
  3. your coworker at work (which affects your system)
so keep ignoring and excusing the id thefts, nerdboy

doesn't make you cool, or even a knowledgeable jackass

just makes you a total inconsiderate cynical asshole, to be proud of how much you don't care

i am SO FUCKING SICK AND TIRED of nerdboys who rub their smugness in the face of those who aren't in their fucking "i know a little bit more than a script kiddie" club

EDUCATE THEM

don't masturbate your ego SHITTING ON THEM, capice?

xoxoxoxoxoxoxoxox

smooches asswipe


The tigers of wrath are wiser than the horses of instruction.

[ Parent ]

i would like to address the hopeless nerdboys here (2.20 / 5) (#94)
by circletimessquare on Wed Aug 13, 2003 at 07:48:06 PM EST

there are a lot of comments below about:
  1. this is not the place to talk about this
  2. id theft victims deserve what they get
don't mistake my kindness for weakness

it is always good to be charitable to those less skillful than you

it is always good to talk about this sort of crime, in any forum

a lot of the laughter and ignoring of id theft victims amounts to nothing but geekoid ego masturbation

do you laugh at and ignore the weak and innocent on the web?

is the internet a geek private club?

do you have to have a cs degree in crypto and security before you can use the internet?

that's the attitude of the arrogant and elitist

protect the weak, capice?

yelling "RTFM!" does not help

fight these id theft scum, no matter how obvious their exploits

it remains that they are id theft scum preying on the innocent, no matter how stupid you think the innocent are

repeat: the emphasis is on the id theft scum, not the innocent who they prey on, do you see that?

the holier-than-thou attitude of the nerdboys out there is akin to letting the rapist off because "well, she shouldn't have worn that skirt, obviously"

NO, MAYBE THE RAPIST IS THE CULPABLE PARTY

you protect the weak and the innocent, you do not laugh at them or ignore them, that is the sign of true strength

some of the noobs who fall for this shit include:

  1. your grandparents
  2. your mom
  3. your coworker at work (which affects your system)
so keep ignoring and excusing the id thefts, nerdboy

doesn't make you cool, or even a knowledgeable jackass

just makes you a total inconsiderate cynical asshole, to be proud of how much you don't care

i am so tired of nerdboys who rub their smugness in the face of those who aren't in their "i know a little bit more than a script kiddie" club

we TALK ABOUT THIS and we EDUCATE the innocent and weak, we do not LAUGH AT THEM and IGNORE THEM

don't masturbate your ego SHITTING ON THEM, capice?

xoxoxoxoxoxoxoxox

smooches y'all, socially inept nerdboys


The tigers of wrath are wiser than the horses of instruction.

Wow (none / 0) (#103)
by Resonant on Mon Aug 18, 2003 at 05:45:49 PM EST

I agree...although that was kinda...loud.

It is human nature to look down upon those who have less physically, mentally, financially, etc. That doesn't make it right. How many geeks have been looked down upon themselves? I know I have. So before you flame the people who will never see the posts, remember: there are things you don't know about, and maybe one day they will come back to haunt you...

"I'm sorry sir, I had to rebuild your entire engine, and replace the wheels too..."

Remember, 99% of the people on the internet just want to check their email and surf the web.

"I answer, 'This is _quantitative_ religious studies.'" - glor
[ Parent ]

I get these a lot (5.00 / 1) (#95)
by ad hoc on Wed Aug 13, 2003 at 08:47:37 PM EST

but mostly, they're from people who pretend to be either Paypal or eBay.

Internet or not, no one, no one, no one, will ever ask for an ATM PIN unless it's a scam. Ever. Full stop. Even at a grocery store or in the bank, you key in your PIN. You don't give it to anyone. Evar.

If you got a call on the phone from some "telemarketer" who says "you may have just won..." but they need your ATM and pin to award the prize, it's a scam. Always was, always will be.

These types of scams are not new, it's just that they're using the Internet rather than the phone, or coming to your door.


--

What to do. (none / 0) (#101)
by haflinger on Thu Aug 14, 2003 at 09:46:14 PM EST

This is not Yahoo!'s job. They're not the police.

The FBI is the police. Let them know. Or if you're not an American, contact whatever appropriate fraud squad you have in town. If you're desperately confused, call your local cop-shop. They should know who has jurisdiction to investigate these types of offenses.

Did people from the future send George Carlin back in time to save rusty and K5? - leviramsey

A coupla questions (none / 0) (#102)
by Merc on Sun Aug 17, 2003 at 12:27:06 PM EST

First of all, if you reproduced the headers faithfully, it says "From: Billing". In other words, an obviously malformed, illegal "from" address. This is one of the first things I look at. Did you spot that, and didn't it clue you in?

Second of all, why would you believe that Yahoo is billing you? I thought everything they provided was free. Free email, free groups, free searches... So why would you believe they are billing you for something?

Anyhow, I'm protected in a large part from these types of scams by my spam filter. If someone tries to fake something like this, there's a good chance they will end up creating email headers that don't comply with the relevant RFCs. My spam filter (SpamAssassin) notes this and flags the email as spam.

I don't know if malformed headers are also noticed by spam filters built into most mail programs, but they certainly should be. I personally think that an MTA shouldn't ever even show you mail that doesn't comply to the right RFCs. This would not only make it harder for spam to get through, it would also force mailers to send proper email.
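
The header check Merc describes, together with delmoi's point about a random domain with the word 'yahoo' in it, as an added example that is not part of the original thread and is not SpamAssassin's own rule set. The sample messages are constructed, and the `BRAND_DOMAINS` table, the finding names and the `header_findings` function are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumption for this example: each brand and the one domain it really mails from.
BRAND_DOMAINS = {"yahoo": "yahoo.com"}
ADDR_SPEC = re.compile(r"[^@\s<>]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}")

# Constructed sample messages (not the headers quoted in the story).
BARE_FROM = "From: Billing\nTo: someone@example.org\nSubject: Final notice\n\nbody\n"
LOOKALIKE = ('From: "Yahoo! Billing" <billing@yahoo-billing.example>\n'
             "Date: Tue, 12 Aug 2003 09:15:00 -0700\n"
             "To: someone@example.org\nSubject: Final notice\n\nbody\n")
WELL_FORMED = ('From: "Yahoo! Billing" <billing@yahoo.com>\n'
               "Date: Tue, 12 Aug 2003 09:15:00 -0700\n"
               "To: someone@example.org\nSubject: Receipt\n\nbody\n")

def header_findings(raw_message):
    """Return a sorted list of header problems found in one raw message."""
    msg = message_from_string(raw_message)
    findings = set()

    from_values = msg.get_all("From", [])
    if len(from_values) != 1:
        findings.add("from_missing_or_repeated")
    display, addr = parseaddr(from_values[0]) if from_values else ("", "")
    if ADDR_SPEC.fullmatch(addr):
        domain = addr.rsplit("@", 1)[1].lower()
    else:
        # "From: Billing" lands here: a bare word, no mailbox address.
        findings.add("from_no_address")
        domain = ""

    date = msg["Date"]
    try:
        if date is None:
            raise ValueError("no Date header")
        parsedate_to_datetime(date)
    except (TypeError, ValueError):
        findings.add("date_missing_or_invalid")

    # Brand named in the sender, but the mail is not from the brand's domain.
    sender_text = (display + " " + addr).lower()
    for brand, real in BRAND_DOMAINS.items():
        off_domain = domain != real and not domain.endswith("." + real)
        if brand in sender_text and off_domain:
            findings.add("brand_domain_mismatch")
    return sorted(findings)

if __name__ == "__main__":
    for name in ("BARE_FROM", "LOOKALIKE", "WELL_FORMED"):
        print(name, header_findings(globals()[name]))
```

A well-formed From header proves nothing about who sent the mail, so an empty result only means that these particular checks did not fire.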



Why don't companies like Yahoo use GPG/PGP? (none / 0) (#104)
by tyroneking on Sat Aug 30, 2003 at 04:34:46 PM EST

I mean, really, email signing has been around for a long time and only Microsoft bother to sign their emails.
Why don't companies like Yahoo, Amazon and Paypal do the same?

Also, I too have had fake email purporting to be from PAYPAL and Yahoo - wow what a difference in responses from both companies. Paypal actually communicated to me and asked for the email to be sent to them.
Yahoo, on the other hand, sent me a couple of nonsensical emails and then had the cheek to send a followup questionnaire asking me about how well I liked their support service!


Anatomy of an embryonic identity-theft-by-email | 105 comments (77 topical, 28 editorial, 0 hidden)