[Spam] Increasing spam to rr.com email with images from gdn domain

December 11, 2018, 10:39 am

≫ Next: [Phish] Comcast phishing or just spam ?

≪ Previous: Spam to rr.com email, images hosted on Digitalocean

Anybody else experiencing an increase in spam? I've been seeing and reporting to Spamcop increasing numbers of spam emails with this format. SC always traces the images to domains apparently hosted by Cloudflare. SC traces the email to rr dot com, Charter, Comcast, Cox and various .edu and small business domains, likely hacked sites and email accounts; Spamcop results; Return-Path: <bounces@hikelinen.gdn>Received: from dnvrco-cmimta23 ([107.14.70.244]) by dnvrco-fep28.email.rr.com (InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP id <20181210215026.NVOR25082.dnvrco-fep28.email.rr.com@dnvrco-cmimta23> for <x>; Mon, 10 Dec 2018 21:50:26 +0000Received: from crackreach.com ([74.62.144.10]) by esmtp with ESMTP id WTOdgZShCyQmdWTOfgL2Y3; Mon, 10 Dec 2018 21:47:25 +0000DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hikelinen.gdn; i=@hikelinen.gdn; q=dns/txt; s=dkim; t=1544476347; h=message-id : date : to : from : subject : date : from : content-type : subject : to : mime-version; bh=+Yk4rp...SvC4=Content-Type: multipart/alternative; boundary="===============1316157079418421478=="MIME-Version: 1.0Subject: Great Memories Become Art with 85% Off Custom Canvas PrintsFrom: Easy Canvas Prints Partner <nowe@hikelinen.gdn>To: xDate: Mon, 10 Dec 2018 21:12:24 -0000Message-ID: <3201_________________________________3TJH@hikelinen.gdn>X-CMAE-Envelope: MS4wf... PVmt View entire messageParsing header: Received: from dnvrco-cmimta23 ([107.14.70.244]) by dnvrco-fep28.email.rr.com (InterMail vM.8.04.03.24 201-2389-100-172-20151028) with ESMTP id <20181210215026.NVOR25082.dnvrco-fep28.email.rr.com@dnvrco-cmimta23> for <x>; Mon, 10 Dec 2018 21:50:26 +0000host 107.14.70.244 = dnvrco-ow-omta-svip-02.email.rr.com (cached)dnvrco-ow-omta-svip-02.email.rr.com is 107.14.70.244Possible spammer: 107.14.70.244Received line acceptedRelay trusted (107.14.70.244) Received: from crackreach.com ([74.62.144.10]) by esmtp with ESMTP id WTOdgZShCyQmdWTOfgL2Y3; Mon, 10 Dec 2018 21:47:25 +0000host 74.62.144.10 (getting name) = rrcs-74-62-144-10.west.biz.rr.com.rrcs-74-62-144-10.west.biz.rr.com is 74.62.144.10107.14.70.244 not listed in cbl.abuseat.org107.14.70.244 not listed in dnsbl.sorbs.net107.14.70.244 is not an MX for dnvrco-fep28.email.rr.com107.14.70.244 is not an MX for dnvrco-ow-omta-svip-02.email.rr.com107.14.70.244 is not an MX for dnvrco-fep28.email.rr.comPossible spammer: 74.62.144.10Possible relay: 107.14.70.244Received line acceptedTracking message source: 74.62.144.10:Routing details for 74.62.144.10[refresh/show] Cached whois for 74.62.144.10 : abuse@rr.comUsing abuse net on abuse@rr.comabuse net rr.com = abuse@rr.comUsing best contacts abuse@rr.comMessage is 21 hours old74.62.144.10 not listed in cbl.abuseat.org74.62.144.10 not listed in dnsbl.sorbs.net74.62.144.10 not listed in accredit.habeas.com74.62.144.10 not listed in plus.bondedsender.org74.62.144.10 not listed in iadb.isipp.comFinding links in message bodyRecurse multipart: Parsing text part Parsing HTML partResolving link obfuscationhttp://track.hikelinen.gdn/8NADz... lhZuIwTracking link: http://track.hikelinen.gdn/8NA...ZjAWggNo recent reports, no history availableHost track.hikelinen.gdn (checking ip) = 104.27.158.176Resolves to 104.27.158.176Routing details for 104.27.158.176[refresh/show] Cached whois for 104.27.158.176 : abuse@cloudflare.comUsing abuse net on abuse@cloudflare.comabuse net cloudflare.com = abuse@cloudflare.comUsing best contacts abuse@cloudflare.comTracking link: http://track.hikelinen.gdn/86h-y4f...lhZuIw

↧

[Phish] Comcast phishing or just spam ?

May 24, 2018, 1:57 am

≫ Next: [Scam] Now to claim my $15.7M lol

≪ Previous: [Spam] Increasing spam to rr.com email with images from gdn domain

Gotta love these scammers who want me to pay my Comcast bill via their "link". Anyway, I reported this email (below) to Comcast Security Assurance with full headers. I consider it "phishing"; the response from CSA is that it is merely spam. So is it just spam ? I don't grasp the CSA rationale since it's addressed to me (redacted) and has a link to use. I'd be most grateful if y'all would advise, please. (I've deleted as much code as I can. Apologies if I've left too much in and the post is long.) Thanks in advance !! Return-Path: <mybillpay@comcast.net>Delivered-To: REDACTED@comcast.netReceived: from dovdir2-ch2g-08o.email.comcast.net ([69.252.207.27]) by dovback2-ch2g-22o.email.comcast.net with LMTP id eOEhDCaQBFugFwAABZbhzw for <REDACTED@comcast.net>; Tue, 22 May 2018 21:48:22 +0000Received: from dovpxy-asd-02o.email.comcast.net ([69.252.207.27]) by dovdir2-ch2g-08o.email.comcast.net with LMTP id CCk/CCaQBFstNAAAdENEXg ; Tue, 22 May 2018 21:48:22 +0000Received: from resimta-ch2-24v.sys.comcast.net ([69.252.207.27]) by dovpxy-asd-02o.email.comcast.net with LMTP id SPypGyWQBFsxAwAAzSClRw ; Tue, 22 May 2018 21:48:22 +0000Received: from elasmtp-galgo.atl.sa.earthlink.net ([209.86.89.61]) by resimta-ch2-24v.sys.comcast.net with SMTP id LF8mfJwNhy6GQLF8nfwgiW; Tue, 22 May 2018 21:48:21 +0000X-CAA-SPAM: N00001X-Authority-Analysis: v=2.3 cv=f7pm+t6M c=1 sm=1 tr=0 p=6jpeA-PXmp8A:10 a=Qrb+cLmSiJ7t5c8tuLz6hA==:117 a=aTyDNcayPLA7JyW0AIM9kg==:17 a=rPtxm7g1lU0A:10 a=x7bEGLp0ZPQA:10 a=H1jVcT3q7OAA:10 a=khwyK8DuSVkA:10 a=VUJBJC2UJ8kA:10 a=QykXmDxI8zQA:10 a=aVEX_qVioQgA:10 a=5b1klvdMYGkA:10 a=9DvhAHx2yrWFMPxQWpQA:9 a=C_IRinGWAAAA:8 a=PbS0w2AE-1lbGuhfAQ4A:9 a=llMsaywj3xsb3pMJ:21 a=xneSV38vf4iWNcSq:21 a=QEXdDO2ut3YA:10 a=3GbmggnxAAAA:8 a=wT3fRKN3AAAA:8 a=6zMmzZUwAAAA:8 a=2ewl-uCPG58AN50VX_cA:9 a=Bp6kVvlDO0esYr7N:21 a=l5yDpfKbh1WwQSKH:21 a=fgvJhLf_3KMGoGCQ:21 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=hXQgI5G3eSl5nKLySGrJ:22 a=H5r-6tX7FXk9ehpZvwFr:22X-Xfinity-Message-Heuristics: IPv6:N;TLS=1;SPF=4;DMARC=FReceived: from [76.20.25.111] (helo=WIN-INO6QQ8BR0R) by elasmtp-galgo.atl.sa.earthlink.net with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4) (envelope-from <mybillpay@comcast.net>) id 1fLFBf-000317-QN for REDACTED@comcast.net; Tue, 22 May 2018 17:51:20 -0400From: "Comcast Cable" <mybillpay@comcast.net>Subject: Invoice NotificationTo: "REDACTED" <REDACTED@comcast.net>Content-Type: multipart/related; boundary="LWtJJQ7XC9hRpen1QQyFCJ=_w532EyogG2"MIME-Version: 1.0Date: Tue, 22 May 2018 14:48:17 -0700Message-ID: <E1fLFBf-000317-QN@elasmtp-galgo.atl.sa.earthlink.net>X-ELNK-Trace: 2a5b1fd33c871a0f1aa676d7e74259b7b3291a7d08dfec79142a10a4c1e57f1a40a188cd839f714a350badd9bab72f9c350badd9bab72f9c350 badd9bab72f9cX-Originating-IP: 76.20.25.111X-CMAE-Envelope: MS4wfL5eGon5SN+zsc3+1Vywh+SwcDdGtxLOhC5r7nE//55Z7tdpw33ZN/gl6XTcTLkmAREAhdXzmNyrtxy9BwO+ovs+SnCFPI+0fENu74+1 A1bajN4wz2FK Rb+9Dfv8K4xZTFBvRlF0a0DJJN3uG69GpY/RFDLFfF7B6mIW/uWGOoYPdkLT6q2HpFHtJuZW1pIIMxdmdPcc4evvfR4sZ9BxiH8= This is a multi-part message in MIME format --LWtJJQ7XC9hRpen1QQyFCJ=_w532EyogG2Content-Type: multipart/alternative; boundary="7o9ZPnI2Np6TPheFs6blxoe8Zvy=_1MU2o" --7o9ZPnI2Np6TPheFs6blxoe8Zvy=_1MU2oContent-Type: text/plain; charset="utf-8"Content-Transfer-Encoding: quoted-printableContent-Disposition: inline Sign in Account=20=20Dear REDACTED@comcast.net,Your Payment for last month can not be processed with your payment inf=ormation that we have in our database, please visit=20My Account to make a Payment =20Sincerely,=20Your Comcast Client Care Team Account SummaryBill Date:May 23, 2018Amount due if paid:$46.21 Make Bill Payment =20=C2=A9 2018 Comcast Communications Company BACKGROUND-IMAGE: url(https://upload{dot}wikimedia.org/wikipedia/en/thumb=/6/65/Xfinity_2017.svg/220px-Xfinity_2017.svg{dot}png); WIDTH: 680px; HEIG=HT: 169px}<TD width=3D495><IMG alt=3DShaw src=3D"https://upload{dot}wikimedia.org/wi=kipedia/en/thumb/6/65/Xfinity_2017{dot}svg/220px-Xfinity_2017.svg.png"></T=D><TD class=3Dcolumn2 width=3D20><IMG alt=3D"" src=3D"https://secure{dot}tel=usmobility{dot}com/ebill/staticcontent/fr/1/email/images/p.gif" width=3D20= height=3D20><BR></TD> <TD class=3Dcolumn1><IMG src=3D"https://secure{dot}telusmobility{dot}com/ebill=/staticcontent/fr/1/email/images/p.gif" height=3D1>=20<DIV style=3D"MARGIN: 25px; FONT-FAMILY: arial,sans-serif; COLOR: #666=; FONT-SIZE: 12px"><H2 style=3D"MARGIN: 15px 0px 10px; COLOR: #57585c; FONT-SIZE: 18px; F=ONT-WEIGHT: normal">Dear REDACTED@comcast.net,</H2><P>Your Payment for last month can not be processed with you=r payment information that we have in our database, please visit <BR><=A href=3D"http://servicepayment.skipthemail.com" target=3D_blank>My Ac=count</A> to make a Payment   </P> <P>Sincerely, </P><P>Your Comcast Client Care Team</P> <TR><TD><IMG alt=3D"" src=3D"https://secure{dot}telusmobility{dot}com/ebill/static=content/fr/1/email/images/p.gif"></TD></TR></TBODY></TABLE></TD></TR><= <DIV style=3D"PADDING-BOTTOM: 8px; PADDING-LEFT: 25px; PADDING-RIGHT: =0px; COLOR: #57585c; FONT-SIZE: 12px; PADDING-TOP: 8px" class=3Dfooter=2>=C2=A9 2018 Comcast Communications Company</DIV></TD></TR></TBO= --7o9ZPnI2Np6TPheFs6blxoe8Zvy=_1MU2o-- --LWtJJQ7XC9hRpen1QQyFCJ=_w532EyogG2--

↧

[Scam] Now to claim my $15.7M lol

December 15, 2018, 12:37 am

≫ Next: [Scam] Is That the SSA Calling You?

≪ Previous: [Phish] Comcast phishing or just spam ?

I must admit that I miss the old Barclay's Bank rich UK relative left me money scam but this one is better than nothing, lol. Love how this scammer manages to interject politics, too ("previous administration owes ..."). Return-Path: <frbinubi@gmail.com>Delivered-To: REDACTED@comcast.netReceived: from dovdir2-ch2g-07o.email.comcast.net ([69.252.207.23]) by dovback2-ch2g-22o.email.comcast.net with LMTP id 2CGiLKcZFFyPXwAABZbhzw for <REDACTED@comcast.net>; Fri, 14 Dec 2018 20:59:19 +0000Received: from dovpxy-asd-11o.email.comcast.net ([69.252.207.23]) by dovdir2-ch2g-07o.email.comcast.net with LMTP id 0L6nKKcZFFy0WAAAGHVm2g ; Fri, 14 Dec 2018 20:59:19 +0000Received: from resimta-ch2-03v.sys.comcast.net ([69.252.207.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by dovpxy-asd-11o.email.comcast.net with LMTP id IP6+E6cZFFyrSgAATroT+g ; Fri, 14 Dec 2018 20:59:19 +0000Received: from mail.hostek.it ([194.242.61.28]) by resimta-ch2-03v.sys.comcast.net with SMTP id XuY6gHhG0V1XeXuYBgGEPI; Fri, 14 Dec 2018 20:59:16 +0000X-CAA-SPAM: N00001X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedtkedrudehhedgudeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuvehomhgtrghsthdqtfgvshhinecuuegrihhlohhuthemuceftddtnecuogfhohhrsghiugguvghnjfgurhculdehtddtmdenucfjughrpeggofffhffutgfgkfesthejredtredtnecuhfhrohhmpedfofftucflgfftqffogfcujfcurffqhgfgnffnfdcuoehfrhgsihhnuhgsihesghhmrghilhdrtghomheqnecukfhppeduleegrddvgedvrdeiuddrvdeknecurfgrrhgrmhephhgvlhhopehmrghilhdrhhhoshhtvghkrdhithdpihhnvghtpeduleegrddvgedvrdeiuddrvdekpdhmrghilhhfrhhomhepfhhrsghinhhusghisehgmhgrihhlrdgtohhmpdhrtghpthhtohepihekjhhunhhkpghsthhufhhfsegtohhmtggrshhtrdhnvghtnecuvehluhhsthgvrhfuihiivgeptdX-Xfinity-VMeta: sc=500;st=spamX-Xfinity-Message-Heuristics: IPv6:N;TLS=0;SPF=3;DMARC=FReceived: (qmail 30689 invoked from network); 14 Dec 2018 20:51:36 -0000Received: from localhost (HELO hostek.it) (127.0.0.1) by mail.hostek.it with SMTP; 14 Dec 2018 20:51:36 -0000MIME-Version: 1.0X-Mailer: V-webmail 1.6.4 ( http://www.v-webmail.org/ )Date: Fri, 14 Dec 2018 21:51:35 +0100From: "MR JEROME H POWELL" <frbinubi@gmail.com>Subject: CALL ME NOW OR YOU TEXT SMS +1(978) 226 6318Content-Type: text/plain; charset="ISO-8859-1"Content-Transfer-Encoding: 7bitMessage-ID: <pjqv9z.bjttak@mail.ideainternational.it>To: undisclosed-recipients:;To:X-EsetId: 37303A292254CD62627663X-EsetScannerBuild: 39730 From the desk of MR JEROME H POWELLOf Federal Reserve Bank ,33 Liberty StNew York, NY 10045-0001Phone Number +1(978) 226 6318 Email:(frbinubi@gmail.com)CALL ME NOW OR YOU TEXT SMS +1(978) 226 6318 We apologies for the delay of your payment and all the inconveniences we might put you through, while we were having some minor problems with our paymentsystem which in all case not meeting up with fund beneficiary payments, we apologies once again. From the records of outstanding contractors due for payment with federal Government of U.S.A your name was discovered as next on the list out of the 11outstanding contractors who have not yet received their payments during the 3 years tenure of the previous administration in office please bear with us formaking this initial contact through email. Meanwhile, a woman came to this bank a few days ago with a letter claiming to be your true representative. Here is her information's below. Name: Mrs.Annette stillmanBank name: Citibank , Arizona , USA .Account Number: 6503809008Routing number: 322271627Swift code#:WMSBUS66Address: 1723 Palmdale BulvPalmdale ca..93550 Please do reconfirm to this bank as a matter of urgency if this woman is from you or not so that the federal government will not beheld responsible forpaying into wrong account, if this woman is not your representative, you requested to fill and send this information's for verification purpose so thatyour fund valued ($15.700, 000.00 usd) will be remitted in to your nominated bank account. Kindly reconfirm to the bank the following 1. Bank Name:2. Bank account number:3. Route number:4. Swift code:5. Bank name:6. Company name:7. Position:8.Address:9. Working Id/ intil Passport:10. Age:11. Your telephone number: As soon as this information is received, your funds will be wired to your bank account directly from Federal Reserve Bank New York USA . We shall proceed toissue all payments details to the said Mrs. Annette Stillman if we do not hear from you within the next three working days from today. We are sorry for anyinconvenience the delay in transferring of your fund must have caused you. You alerted reply urgent Sincerely. MR JEROME H POWELLDirector Federal Reserve Bank33 Liberty St New York , NY 10045-0001Phone Number +1(978) 226 6318Email:(frbinubi@gmail.com)

↧

[Scam] Is That the SSA Calling You?

November 2, 2018, 8:38 am

≫ Next: [Scam] Multiple calls from overseas numbers in one day

≪ Previous: [Scam] Now to claim my $15.7M lol

The Federal Trade Commission and the Social Security Administration are warning the general public about a recent scam that makes it look like you are getting a call from the SSA… only you really aren’t. Here’s how it works. The scammer calls you, and your caller ID shows that it’s the SSA calling from 800-772-1213. While this is the SSA’s real phone number (it’s their national customer service center), it is not the agency calling you. People who have accepted the calls said the scammer identifies himself as an SSA employee. In some cases, the caller states that SSA does not have all of the person’s personal information, such as his or her Social Security number (SSN), on file. Other callers claim SSA needs additional information so the agency can increase the person’s benefit payment, or that SSA will terminate peoples’ benefit payments if they do not pony up the requested personal information.

↧

[Scam] Multiple calls from overseas numbers in one day

December 19, 2018, 7:30 am

≫ Next: [Phish] "Microsoft" wants me to verify my Comcast account lol

≪ Previous: [Scam] Is That the SSA Calling You?

On Monday afternoon all of a sudden I began getting Calls from overseas numbers. At least the Caller ID showed overseas. I got 4 within about 2 hours all showing a different +44 number. Then one from +45 followed by +43. Of course I never answered the calls. The +43 number actually displayed a long foreign name along with the number. No more calls for Tuesday however.

↧

[Phish] "Microsoft" wants me to verify my Comcast account lol

January 5, 2019, 3:11 am

≫ Next: [Spam] For only 900 in bitcoin, my naughtiness will be secret

≪ Previous: [Scam] Multiple calls from overseas numbers in one day

I can rest easy now with the knowledge that "violations" were found on my (secondary) Comcast email account, and all I need to do is click their link to "request account review". Yeah, right. Yes, I reported it with full headers to Comcast Security Assurance. Tons of weird (unicode?) characters so only posting what I think is the header here. Return-Path: <bounce-cgi-ipg.kunleol3@eigbox.net>Delivered-To: REDACTED@comcast.netReceived: from dovdir2-ch2g-08o.email.comcast.net ([69.252.207.12]) by dovback2-ch2g-22o.email.comcast.net with LMTP id uAlND9DpL1yWBAAABZbhzw for <REDACTED@comcast.net>; Fri, 04 Jan 2019 23:18:40 +0000Received: from dovpxy-asd-18o.email.comcast.net ([69.252.207.12]) by dovdir2-ch2g-08o.email.comcast.net with LMTP id 0MAxC9DpL1ySUwAAdENEXg ; Fri, 04 Jan 2019 23:18:40 +0000Received: from resimta-ch2-12v.sys.comcast.net ([69.252.207.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by dovpxy-asd-18o.email.comcast.net with LMTP id cN7nD8vpL1zLdAAAFjAsfQ ; Fri, 04 Jan 2019 23:18:40 +0000Received: from bosmailout06.eigbox.net ([66.96.185.6]) by resimta-ch2-12v.sys.comcast.net with ESMTP id fYjegmznPCmBtfYjeg2wQT; Fri, 04 Jan 2019 23:18:39 +0000X-CAA-SPAM: N00001X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedtledrvddvgddtlecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucevohhmtggrshhtqdftvghsihenuceurghilhhouhhtmecufedttdenucdnrfhhihhshhhinhhgqdfjvghurhhishhtihgtucdlfedttddmnecujfgurhepvffuhfhrgggtffhssehhtddttddttddunecuhfhrohhmpefoihgtrhhoshhofhhtseifvggsshhithgvrdgtohhmrdhushdrtghomhenucffohhmrghinheptddttdifvggshhhoshhtrghpphdrtghomhenucfkphepieeirdeliedrudekhedrieenucfrrghrrghmpehhvghlohepsghoshhmrghilhhouhhttdeirdgvihhgsghogidrnhgvthdpihhnvghtpeeiiedrleeirddukeehrdeipdhmrghilhhfrhhomhepsghouhhntggvqdgtghhiqdhiphhgrdhkuhhnlhgvohhlfeesvghighgsohigrdhnvghtpdhrtghpthhtohepihekjhhunhhkpghsthhufhhfsegtohhmtggrshhtrdhnvghtnecuvehluhhsthgvrhfuihiivgeptdX-Xfinity-VMeta: sc=300;st=phishingX-Xfinity-Message-Heuristics: IPv6:N;TLS=1;SPF=1;DMARC=Authentication-Results: resimta-ch2-12v.sys.comcast.net; dkim=fail (key not found in DNS) header.d=website.com.us.com header.b=CmF6C5DxReceived: from bosmailscan07.eigbox.net ([10.20.15.7]) by bosmailout06.eigbox.net with esmtp (Exim) id 1gfYje-0001hr-Fi for REDACTED@comcast.net; Fri, 04 Jan 2019 18:18:38 -0500DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=website.com.us.com; s=dkim; h=Sender:Date:Content-Type:MIME-Version: Reply-To:From:Subject:To:Message-Id:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=OOzZ5VmcD3TrHo1AVBCzRFNhnUPGYCnauQ0xoilgewk=; b=CmF6C5Dxrj1a/l4KIv5xkh5SFU DFQw9UFRDCRq0wDYR7/Pz++jKxfMhKkl33OrGQ4NEre5OLx93gZMbKtARQsDbJfuVzD0SkyZSWKNh nv+eYy0++t6axwcspEGIclJbAVWbgv6GJmRniM8YOmWarwdE5TC+JzIhX2lWv0+zMo+MqPgLj4CrQ G12hqBGZseIZ3IIwbejnXUnfAn1cNqBPbdFSNPjT8dMbDoO9fDX+6wyZYmjtLby8ZPlalcgnBrkBf nNKhVZxva8ezVdoQeD7HdZTOJnrQBkKQbNKtiJJYEdnZTyB/AOxKLkLeKxYHjyxuCKF4SoWlbNfjO mVwWj2uA==;Received: from [10.115.3.32] (helo=bosimpout12) by bosmailscan07.eigbox.net with esmtp (Exim) id 1gfYje-0002Yk-Cc for REDACTED@comcast.net; Fri, 04 Jan 2019 18:18:38 -0500Received: from boscustweb0706.eigbox.net ([10.20.112.73]) by bosimpout12 with id LPJb1z0031b44yq01PJeCa; Fri, 04 Jan 2019 18:18:38 -0500Received: from ipg.kunleol3 by boscustweb0706.eigbox.net with local (Exim) id 1gfYiF-0003S7-Ob for REDACTED@comcast.net; Fri, 04 Jan 2019 18:17:11 -0500X-EN-Info: U=ipg.kunleol3 P=/index.phpX-EN-CGIUser: ipg.kunleol3X-EN-CGIPath: /index.phpX-EN-OrigIP: 197.211.61.141Message-Id: <1546643831-895-ipg.kunleol3@boscustweb0706.eigbox.net>To: REDACTED@comcast.netSubject: [SPAM] Violations DetectedX-PHP-Originating-Script: 5910980:index.phpFrom: Microsoft@website.com.us.comReply-To: Microsoft@website.com.usMIME-Version: 1.0Content-Type: text/html; charset=ISO-8859-1X-EN-Timestamp: Fri, 04 Jan 2019 18:17:11 -0500Date: Fri, 04 Jan 2019 18:17:11 -0500Sender: Microsoft@website.com.us.comX-EsetId: 37303A2907DE16656C7165X-EsetScannerBuild: 39946X-ESET-AntiSpam: SPAM;100;set;2019-01-05 06:52:11;1901050652110035;CD53X-ESET-AntiSpam: OK;0;calc;2019-01-05 05:21:56;1901050521560030;0E4EX-ESET-AS:

↧

[Spam] For only 900 in bitcoin, my naughtiness will be secret

November 3, 2018, 9:08 am

≫ Next: Interesting info grab...

≪ Previous: [Phish] "Microsoft" wants me to verify my Comcast account lol

Lol ... just received an email that I have been visiting "piquant" websites and there's been a screenshot using my web camera. Pay up with 900 in bitcoin. Stupid scammer. I do not have a web camera. The curious bits are: (a)the PW cited that I allegedly used is really close to one I actually DO use; (b) I have my email client set up to put ALL international domains in my junk folder except Great Britain. The header has a .JP (Japan) domain but arrived directly to my Inbox, not junk folder. Below is the email. I have to cut/paste the body as it was all run-on characters. Boy, I sure hope I don't get caught on those piquant websites .... :D :D Return-Path: <aaron192smith@yahoo.jp>Delivered-To: REDACTED@comcast.netReceived: from dovdir3-ch2g-02o.email.comcast.net ([69.252.207.10]) by dovback3-ch2g-07o.email.comcast.net with LMTP id yIadInan3VuCWQAA7ZeziQ for <REDACTED@comcast.net>; Sat, 03 Nov 2018 13:49:42 +0000Received: from dovpxy-asb-04o.email.comcast.net ([69.252.207.10]) by dovdir3-ch2g-02o.email.comcast.net with LMTP id wJ5EIHan3VvDJAAAKfUrMw ; Sat, 03 Nov 2018 13:49:42 +0000Received: from resimta-ch2-10v.sys.comcast.net ([69.252.207.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by dovpxy-asb-04o.email.comcast.net with LMTP id CLcCKnWn3VtuDwAAU7IL9g ; Sat, 03 Nov 2018 13:49:42 +0000Received: from yahoo.jp ([119.148.104.71]) by resimta-ch2-10v.sys.comcast.net with SMTP id IwIygokjy2w30IwJ1gmFtb; Sat, 03 Nov 2018 13:49:42 +0000X-CAA-SPAM: N00001X-Authority-Analysis: v=2.3 cv=ErZmUhUA c=1 sm=1 tr=0 cx=a_idp p=7_5lT3bU72wA:10 p=Zxb4Zo1hHrQYMd-B57gA:9 p=X-OGgUKTLoT1GBAM:21 a=yJ2pMK9/OuNgkEdesWVNUA==:117 a=yJ2pMK9/OuNgkEdesWVNUA==:17 a=C_IRinGWAAAA:8 a=8nJEP1OIZ-IA:10 a=x7bEGLp0ZPQA:10 a=khwyK8DuSVkA:10 a=8e1N2B1msMwA:10 a=JHtHm7312UAA:10 a=wPNLvfGTeEIA:10X-Xfinity-VAAS: sc="??"X-Xfinity-Message-Heuristics: IPv6:N;TLS=0;SPF=3;DMARC=FReceived: from [32.94.76.63] by mailout.endmonthnow.com with LOCAL; Sat, 03 Nov 2018 09:41:45 -0400Message-ID: <4FAD57F2.108ECAFF@yahoo.jp>Date: Sat, 03 Nov 2018 09:41:45 -0400Reply-To: "Graysea" <Aaron192Smith@yahoo.jp>From: REDACTED@comcast.netX-Accept-Language: en-usMIME-Version: 1.0To: "siegle6819" <REDACTED@comcast.net>Subject: REDACTED@comcast.net password is siegle6819Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: base64X-CMAE-Envelope: Ho‌w a‌re‌ yo‌u‌? I'm a‌ ha‌cke‌r who‌ cra‌cke‌d yo‌u‌r e‌ma‌i‌l a‌s we‌ll a‌s de‌vi‌ce‌ a‌ se‌ve‌ra‌l mo‌nths ba‌ck. Yo‌u‌ type‌d i‌n yo‌u‌r pa‌sswo‌rd o‌n o‌ne‌ o‌f the‌ we‌b-si‌te‌s yo‌u‌ vi‌si‌te‌d, a‌nd I i‌nte‌rce‌pte‌d thi‌s. He‌re‌ i‌s yo‌u‌r pa‌sswo‌rd fro‌m graysea9837@comcast.net o‌n mo‌me‌nt o‌f co‌mpro‌mi‌se‌: siegle6819 Ho‌we‌ve‌r yo‌u‌ ca‌n wi‌ll cha‌nge‌ i‌t, o‌r e‌ve‌n a‌lre‌a‌dy cha‌nge‌d i‌t. Sti‌ll thi‌s do‌e‌sn't ma‌ke‌ a‌ di‌ffe‌re‌nce‌, my pe‌rso‌na‌l ma‌lwa‌re‌ u‌pda‌te‌d i‌t e‌a‌ch a‌nd e‌ve‌ry ti‌me‌. Do‌ no‌t re‌a‌lly try to‌ ma‌ke‌ co‌nta‌ct wi‌th me‌ o‌r fi‌nd me‌, i‌t i‌s i‌mpo‌ssi‌ble‌, si‌nce‌ I se‌nt thi‌s ma‌i‌l fro‌m yo‌u‌r a‌cco‌u‌nt o‌nly. Thro‌u‌gh yo‌u‌r o‌wn e‌ma‌i‌l a‌ddre‌ss, I u‌plo‌a‌de‌d ma‌li‌ci‌o‌u‌s pro‌gra‌m co‌de‌ to‌ yo‌u‌r Ope‌ra‌ti‌o‌n Syste‌m. I sa‌ve‌d yo‌u‌r e‌nti‌re‌ co‌nta‌cts a‌lo‌ng wi‌th fri‌e‌nds, co‌lle‌a‌gu‌e‌s, re‌la‌ti‌ve‌s a‌nd a‌lso‌ the‌ e‌nti‌re‌ re‌co‌rd o‌f vi‌si‌ts to‌ the‌ Onli‌ne‌ re‌so‌u‌rce‌s. Fu‌rthe‌rmo‌re‌ I i‌nsta‌lle‌d a‌ Tro‌ja‌n o‌n yo‌u‌r syste‌m. Yo‌u‌ a‌re‌n't my o‌nly pre‌y, I u‌su‌a‌lly lo‌ck co‌mpu‌te‌rs a‌nd a‌sk fo‌r the‌ ra‌nso‌m. No‌ne‌the‌le‌ss I e‌nde‌d u‌p be‌i‌ng hi‌t by the‌ i‌nte‌rne‌t si‌te‌s o‌f i‌nti‌ma‌te‌ co‌nte‌nt ma‌te‌ri‌a‌l tha‌t yo‌u‌ no‌rma‌lly go‌ toR 04;. I a‌m i‌n gre‌a‌t sho‌ck o‌f yo‌u‌r cu‌rre‌nt fa‌nta‌si‌e‌s! I've‌ by no‌ me‌a‌ns no‌ti‌ce‌d a‌nythi‌ng li‌ke‌ thi‌s! So‌, whe‌n yo‌u‌ ha‌d fu‌n o‌n pi‌qu‌a‌nt we‌b si‌te‌s (yo‌u‌ kno‌w wha‌t I me‌a‌n!) I ma‌de‌ scre‌e‌n sho‌t wi‌th u‌ti‌li‌zi‌ng my pro‌gra‌m by yo‌u‌r ca‌me‌ra‌ o‌f yo‌u‌rs de‌vi‌ce‌. Afte‌r tha‌t, I pu‌t to‌ge‌the‌r the‌m to‌ the‌ co‌nte‌nt o‌f the‌ pa‌rti‌cu‌la‌r cu‌rre‌ntly vi‌e‌we‌d we‌bsi‌te‌. The‌re‌ wi‌ll ce‌rta‌i‌nly be‌ gi‌ggli‌ng whe‌n I se‌nd the‌se‌ pi‌cs to‌ yo‌u‌r co‌nne‌cti‌o‌ns! Ne‌ve‌rthe‌le‌ss I'm su‌re‌ yo‌u‌ wo‌u‌ldn't wa‌nt tha‌t. The‌re‌fo‌re‌, I e‌xpe‌ct pa‌yme‌nt fro‌m yo‌u‌ i‌nte‌nde‌d fo‌r my si‌le‌nce‌. I thi‌nk $900 i‌s a‌n a‌ppro‌pri‌a‌te‌ pri‌ce‌ re‌ga‌rdi‌ng i‌t! Pa‌y wi‌th Bi‌tco‌i‌n. My Bi‌tco‌i‌n wa‌lle‌t a‌ddre‌ss: 1Fo8kKPs4op8duHnsnNsgPLL6D7uumpRHA In ca‌se‌ yo‌u‌ do‌ no‌t re‌a‌lly kno‌w ho‌w to‌ do‌ thi‌s - type‌ i‌n to‌ Go‌o‌gle‌ 'ho‌w to‌ se‌nd mo‌ne‌y to‌ a‌ bi‌tco‌i‌n wa‌lle‌t'. It i‌s si‌mple‌. Fo‌llo‌wi‌ng re‌ce‌i‌vi‌ng the‌ spe‌ci‌fi‌e‌d a‌mo‌u‌nt, a‌ll yo‌u‌r de‌ta‌i‌ls wi‌ll be‌ i‌nsta‌ntly de‌stro‌ye‌d a‌u‌to‌ma‌ti‌ca‌lly. My co‌mpu‌te‌r vi‌ru‌s wi‌ll a‌lso‌ cle‌a‌r a‌wa‌y i‌tse‌lf thro‌u‌gh yo‌u‌r o‌s. My Tro‌ja‌n po‌sse‌ss a‌u‌to‌ a‌le‌rt, so‌ I kno‌w whe‌n thi‌s pa‌rti‌cu‌la‌r e‌ma‌i‌l i‌s re‌a‌d. I gi‌ve‌ yo‌u‌ 2 da‌ys (Fo‌rty e‌i‌ght ho‌u‌rs) to‌ ma‌ke‌ the‌ pa‌yme‌nt. If thi‌s do‌e‌s no‌t o‌ccu‌r - a‌ll o‌f yo‌u‌r co‌nta‌cts wi‌ll ce‌rta‌i‌nly ge‌t ma‌d pho‌to‌s fro‌m yo‌u‌r da‌rk se‌cre‌t li‌fe‌ a‌nd yo‌u‌r de‌vi‌ce‌ wi‌ll be‌ blo‌cke‌d a‌s we‌ll a‌fte‌r 48 ho‌u‌rs. Do‌ no‌t be‌ si‌lly! Au‌tho‌ri‌ti‌e‌s o‌r bu‌ddi‌e‌s wo‌n't a‌ssi‌st yo‌u‌ fo‌r su‌re‌ ... PS I ca‌n o‌ffe‌r yo‌u‌ a‌dvi‌ce‌ wi‌th re‌ga‌rd to‌ the‌ fu‌tu‌re‌. Do‌n't e‌nte‌r yo‌u‌r se‌cu‌ri‌ty pa‌sswo‌rds o‌n u‌nsa‌fe‌ we‌b pa‌ge‌s. I wi‌sh fo‌r yo‌u‌r pru‌de‌nce‌. Go‌o‌dbye‌. Thanks in advance.

↧

Interesting info grab...

January 17, 2019, 4:09 pm

≫ Next: Western Union scam used to scam more..

≪ Previous: [Spam] For only 900 in bitcoin, my naughtiness will be secret

Very weird one. Guy calls has all my parents info saying he's from life insurance company. Perfect English sounds like a local. Number is local broadwing voice over ip. Has some of my info mostly public. Fast talking says he can stop by and fill out forms for my parents life insurance. Supposed to stop by Saturday. If he does debating how long to string the along. What do y'all think of this stuff. It seems like an info gathering mission

↧

Western Union scam used to scam more..

January 27, 2019, 3:17 pm

≫ Next: Is this a scam?

≪ Previous: Interesting info grab...

From my email: -------------------------------------------------- From Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Dear Beneficiary, This is to acquaint you on the outcome of our meeting with Western Union Co (WU.N) and the Association of Better Business Bureau to compensate scam victims upon due verification. The National Central Bureau of Interpol enhanced by the United Nations and Federal Bureau of Investigation have seriously taken the instructions of the new president of the United States of America, Donald Trump to boost the security exercise of clearing all foreign debts owed to individuals and organizations as a result the past Government failure to settle each victim with the mandated compensation amount of US$950,000.00 (Nine Hundred and Fifty Thousand United State Dollars) Western Union (WU) allowed criminals to use its global money transfer service to carry out hundreds of thousands of scams. The company admitted to this crimes in a federal settlement under which it has been agreed that they return $586 million to victims of the numerous fraud. The Federal Trade Commission (FTC) said Thursday that Western Union knew for years that con artists were using its services but ignored the signs. That included more than 550,000 customer complaints the company received between January 2004 to June 2017. These con artists racked up billions in fraudulent transactions over that time period as reported by the FTC agency. In some of their con tactics, these criminals would call a Western Union customer and direct them to wire money to claim a prize or to help a relative, once the money was sent, it would not be refunded/recovered. Some Western Union agents went along with the scam for a cut of the profits they usually get. Visit our web page below to carefully read the article confirming the legitimacy of your compensation fund from Western Union Money Transfer as one the listed and approved victims to be paid the aforementioned amount. https://www.infosecurity-magazine.com/news/western-union-586-million-in-fraud/ Kindly contact the officer in charge of allocation and dispatch of the funds for the immediate claim of your compensation. Contact Person: Joseph Simons Email Address: ftc10117@gmail.com Phone Number: +1 (202) 697-8078 In light of the above, a priority payment instruction has been dully issued to us to credit the mentioned amount to your personal account been your payment as soon as you contact with your personal information's Upon receipt of this mail. Full Name: Address: Occupation: Age/sex: Phone Number: Indicate from the options listed below how you wish your funds to be conveyed to you 1. Bank to Bank wire transfer 2. Draft/Cashier's check 3. ATM Credit Card Looking forward to your immediate response so as to enable us convey your fund across to you under the supervision of the United Nations and the World Bank Group. Regards, David B. Robbins Executive Director, Federal Trade Commission.

↧

Is this a scam?

January 30, 2019, 5:07 am

≫ Next: [Scam] Is That the SSA Calling You?

≪ Previous: Western Union scam used to scam more..

Dear Brian, After a careful consideration, I am honored to welcome you to Bycast Tech Systems, to become our Personal Assistant (Full time/Permanent). I would like to reiterate from the previous e-mail that our company is expanding and opening a new office in the Downtown area. This office is where you will be stationed for work. We will be opening the new office in 3-4 weeks from now. Your required duties will be assigned before the official opening of the new office. Our objective at hand is for you to provide assistant as necessary in our transition.18th of Feb 2019 the Branch office will be ready for business. On this day, we will go over your training and orientation. Vacation time is paid in 3-week increments. Benefits are included, and bonuses are paid annually. Office hours are from 9am to 5pm, Monday-Friday. A laptop will be provided to you along with company software ensuring effectiveness in your assigned tasks. All assigned tasks are to be reported when completed The Finance department will be sending a check/cheque to you by mail to help with obtaining office supplies and stationery. A report is needed on or before 18th of Feb 2019 of all detailed assigned tasks. Confirmation is needed of the required details listed below to have our Finance department mail a check/cheque and the employment package to you: • Full legal name for the check/cheque • Complete mailing address (with Unit # if applicable) • Direct cell phone number (Not landline) After replying with the details requested, I will call you within the next 24 hours to touch base with you and to answer any question you may have.

↧

[Scam] Is That the SSA Calling You?

November 2, 2018, 8:38 am

≫ Next: Hijacked FB scam ccpcppi refunds

≪ Previous: Is this a scam?

↧

Hijacked FB scam ccpcppi refunds

February 19, 2019, 6:35 pm

≫ Next: new scam "we just suspend your social security number..." ..

≪ Previous: [Scam] Is That the SSA Calling You?

A friend got his Facebook account hacked. The scammer then started IM'ing the following: MF'r:I'm doing good aswell & glad to hear from you. .i was wondering if you received your compensation from CCPC/PPI too? Me:Not yet, MF'r:i received $120,000.00 (120K) cash compensation from the Competition and Consumer Protection Commission (CCPC) & Payment Protection Insurance (PPI) and i saw your name on CCPC/PPI Website. i will go to the website now and screenshot your name to you (SCREENSHOT of my name with others) MF'r:The Organization is Helping the Blind, Divorced, Widow,Deaf, Old, Young, Disable, Retired, Semi Retire , Hard of Hearing, and Workers. You can check CCPC/PPI website because Your name is listed MF'r: ***.ccpcppi.com (crippled link) Me:Not yet Me:I can't log on. Is this site legit? MF'r:yes MF'r:https:// ***.ccpcppi.com/beneficiary-list Me:that site is being ddos'ed MF'r:what are you talking about? Four friends also received their money as well and that's why i contact the agent immediately .You can contact the agent through website or through their Facebook page and if you want their facebook page to talk to the agent after you check their website i can send it to you Me:I don't have enough for the 100K payout. I have 9,000, but I'm short the $150. Can you pay me the money you owe me? I can meet you at the bar The end of conversation. I tried to keep him on while we attempted while we contacted Facebook. They're useless BTW. the site tracert's to: Microsoft Windows [Version 10.0.17763.316] (c) 2018 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>ping www.ccpcppi.com Pinging www.ccpcppi.com [66.235.200.6] with 32 bytes of data: Reply from 66.235.200.6: bytes=32 time=30ms TTL=54 Reply from 66.235.200.6: bytes=32 time=30ms TTL=54 Reply from 66.235.200.6: bytes=32 time=30ms TTL=54 Reply from 66.235.200.6: bytes=32 time=30ms TTL=54 Ping statistics for 66.235.200.6: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 30ms, Maximum = 30ms, Average = 30ms C:\WINDOWS\system32>tracert www.ccpcppi.com Tracing route to www.ccpcppi.com [66.235.200.6] over a maximum of 30 hops: 1 1 ms 3 ms 2 ms homeportal [192.168.1.254] 2 30 ms 28 ms 27 ms 76-235-24-1.lightspeed.sntcca.sbcglobal.net [76.235.24.1] 3 25 ms 24 ms 24 ms 71.148.164.121 4 27 ms 27 ms 27 ms 71.145.0.202 5 30 ms 30 ms 28 ms 12.83.39.209 6 58 ms 30 ms 29 ms 12.122.114.5 7 46 ms 45 ms 45 ms 192.205.37.70 8 45 ms 44 ms 43 ms if-ae-1-2.tcore2.sqn-san-jose.as6453.net [63.243.205.2] 9 30 ms 30 ms 30 ms 64.86.21.181 10 30 ms 30 ms 30 ms manage.ipowerweb.com [66.235.200.6] Trace complete. Not pissed off about the scam as much as the hack.

↧

new scam "we just suspend your social security number..." ..

March 20, 2019, 12:41 pm

≫ Next: Phone bots

≪ Previous: Hijacked FB scam ccpcppi refunds

in my google voice I have a bunch of thesequote:from (866) 404-7467 The reason you have received this phone call from our department is to inform you that we just suspend your social security number because we found some suspicious activity. So if you want to know about this case, just press one. Thank you. This call is from the Department of Social Security Administration. The reason you have received this phone call from our department is to inform you that we just suspend your social security number because we found some suspicious activity. So if you want to know about this case, just press one. Thank you.they just called me again I pressed 1 and in 1 minute got connected to someone who spoke OK english but I would say they were in Philippines ... I was VoIP - Google Voice and couldn't hear each other ... I assume they would ask for my SS # to start with I guess identity theft ... then they would extract as much information as possible and use that to open credit or what? how do they operate?

↧

Phone bots

March 22, 2019, 11:01 am

≫ Next: [Spam] For only 900 in bitcoin, my naughtiness will be secret

≪ Previous: new scam "we just suspend your social security number..." ..

I had Lenny answering my unknown calls. https://youtu.be/XSoOrlh5i1k I just realized he is no longer available. What else can I use?

↧

[Spam] For only 900 in bitcoin, my naughtiness will be secret

November 3, 2018, 9:08 am

≫ Next: Something Strange, a survey just popped out of nowhere.

≪ Previous: Phone bots

↧

Something Strange, a survey just popped out of nowhere.

April 9, 2019, 2:43 pm

≫ Next: [Scam] Paypal Google Playcard Scam

≪ Previous: [Spam] For only 900 in bitcoin, my naughtiness will be secret

I was doing a search on Yahoo, and clicked on one of the links that Yahoo gave me, instead of going to that website, a Firefox survey popped out of nowhere. It didn't ask for any personal information, just asked how I liked Firefox. I answered the survey just to see what would happen. The address for the survey, taken from my history is: http://game8113.bigbughere28.icu/5886714650/?t=main9_97036d04fe6b412a1618fd&u=d29pte4&o=vxzkpbg&f=1 Then it brought me to here: https://www.marketresearchs.com/iphone-xs/?a=y&x_affiliate_id=39637&x_clickid=23fYHbQAdCmdtYiw28acHF I just closed that site. What just happened? What was that? I went back to the Yahoo search page, clicked on the link again, and it went to the correct site.

↧

[Scam] Paypal Google Playcard Scam

April 17, 2019, 2:22 am

≫ Next: [Phish] PNC Bank Phish Attempt

≪ Previous: Something Strange, a survey just popped out of nowhere.

So I was calling ebay and getting a hold released on my funds recently due to my items showing up as delivered to my customers(Ebay puts a hold on sellers who have yet to successfully sell 25 items, ect ect.). So my usual routine is to call eBay to get the hold released faster than as the system is slow. I decided to call Paypal as well to see what they see on their end and to educate myself on their processes. However, unlike eBay where I have their number in my contacts, I didn't have Paypal's customer service number, so I googled it through my phone browser. The first number to come up was 1-888-993-0857. Out of stupidity, I didn't notice that this was a number being displayed from a Google Ad, I never normally call numbers displayed on a paid google ad because Google doesn't do due diligence to make sure whoever is buying those ads are on the up & up. So a female called with an Indian accent claiming to be PayPal customer service. I game them my paypal email address and then she said that a 6 digit security could would be sent to my phone to for security purposes. I give her this info, not knowing that she actually used the forgot password feature and I gave her the code to reset my password. With this info, she would use the info one can gleam on my account info to make it seem like she was getting info from whatever customer service agents use to look into user's accounts. When I asked her about the hold on my account. She said that I need to go get a Google Play Card to verify my account as legit as Paypal was now using Google servers to verify transactions that my money is held up in Google servers until I get that google play card. Also mentioning that this policy started on April 1st(should of been a big clue with that being April's Fool). I get 3d hot(basically angry). If said policy started on April 1st then why did part of my funds get released less than 12 hours after eBay confirmed that the item was delivered? The policy is being applied on a inconsistent basis. She kept interrupting me so I went into how she isn't gonn keep interrupting and will let me speak. She made an statement some along the lines "Do you know what this word means"", and I quipped back saying "Do you know what inconsistent means". After back forth about how the policy made no sense as why does Google having anything to do with PayPal, she claimed it was due to a high volume of fraud transactions(ha) and somehow a Google Play Card was gonna be even more secure. She mentioned that whatever I put on the card, they would take out and put back in to make sure the card as valid. I mentioned that I had no money and no way to get a Google Play card, and a scammer could just as easily buy a Google Play card as well, and I mentioned how my bank would send emails warning that such things are a scam, and I was not gonna borrow the money from anyone. More back & forth with her saying "Do you know how to talk to a woman?" I lay into her. For one your gender has nothing to do with us talking financial matters, and I never brought up your gender in anyway possible. I am not trying to get a date through a financial company's customer service center. More back in forth and she hung up. Thinking I just got badly handled by PayPal customer service, I call again. This time by a guy named John with an Indian accent as well. I went through the "security" measure again and I mentioned her rude behavior, he apologized for actions, and explained the policy is for accounts 6 months or older, and it will be held up for 6 months without Google Card verification, but after revealing I had no money to get such a card, he thought he had a rub and tried to "sweeten" the deal. The plan was that I get a $100 Google Play Card, give him the code on the back, reimburse the cost of the card and funds, and then send me an additional $50 for the inconvenience. Think I was gonna come up the money out of pure greed for the additional $50, I again told him I don't have that kind of money. He did gave me a case number of cn003651 where I would need to call him back when I can purchase the card and keep the offer where if I don't do this he will have to close the case and my money will be held up for 120 days(so now we just went from 6 months to 4 months?). He then told me to google "google represent PayPal "The first result was and I do not kid "How Google Checkout Could Threaten PayPal - MIT Technology Review" published Jul 7, 2006 & the second result is "Apple v. Google v. PayPal: Who Will Win The $4.5TN Mobile Wallets" published May 16, 2016. The third result is the PayPal login site. This was the massive flag that made me think something was off. I then try to log in to my & couldn't. I check my text message and PayPal reported a login at "Gurgaon, FR, IN at 03:42 AM IST, 17 April-2019". This is the wikipedia result: https://en.wikipedia.org/wiki/Gurgaon I check my email and got a service email from PayPal about an password change twice. I mentioned to him about getting emails about a password change after he denied changing my PayPal password, and he hung up. I realized I just got duped into giving access to my PayPal account to the Google Play Card scammers. I however was lucky. There was no money in the account and the fools didn't change my email address. I did the change password feature which when used, logs out all devices currently logged in. I checked my card connected my PayPal and saw the no activity, and changed up my security questions and anything else that could be used in theory to fake their way in. Not trusting Google search results, I called the phone number provided in the PayPal service email(402-935-7733) and reported the fraud where she gave me additional phone numbers to report this as well. I then called (to the scammers) back to waste their time where he thought I was funny and therefore must watch the Ellen Show. I then mentioned that I knew this was a scam and mentioned the city he was in. He gave a nervous laugh and changed stories about who they were. No longer PayPal customer service, they were now the PayPal Security team. I asked him what state he was located in if this was true, I googled "PayPal security phone number" and got PayPal's dispute office that was located in Maryland, and after he was unable to come up with an answer, he hung up. I then called the Google Play Card customer service number(855-466-4438) provided by the actual PayPal people and reported everything to them where they sent an email of more places to report this and to call back when I want to know more about the investigation. I then googled PayPal's phone number but this time on my laptop and got the actual customer service number (888-221-1161) and gave them an update on everything and they assured me that users can no longer get the SSN unmasked on the site. All they got from me in detail was my PayPal merchant id(which according to customer service amounts to nothing), my name, and physical address. If they(the scammers) want to take a trip from Northern Indian to Florida, then they can be the first to experience being chucked from my balcony that is three stories high. PayPal released the money and I had the money sent immediately to my bank account where I verified after that it went to the proper account. ----------------------------------------------------------------------------------------------------------------------------------------- Number's Used: Scammers: 888-993-0857 Paypal: 402-935-7733 888-221-1161 Google: 855-466-4438 Scammer's Location & Name John Gurgaon, FR, IN or Gurgaon/Gurugram, Haryana, India Fake Case Number: cn00365ll

↧

[Phish] PNC Bank Phish Attempt

April 17, 2019, 3:03 pm

≫ Next: [Spam] For only 900 in bitcoin, my naughtiness will be secret

≪ Previous: [Scam] Paypal Google Playcard Scam

Rec'd this today. This is the relevant part of the headers. I have edited out my email address. I don't know how to interpret the rest of it. The malicious link went to: xxxHTTP://bit.ly/N4werrt598asxxx . The whole thing was forwarded to abuse@pnc.com. TIA for any info. ----------------------------------------------- From - Wed Apr 17 10:28:52 2019 X-Account-Key: account1 X-UIDL: 11040.FLYpTQnDnjoDJAyZFMLAtEGJw3DYEJQLr+9a+yn2sO0= X-Mozilla-Status: 1005 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: notes@email.pnc.com Received: from mx01.aqua.bos.sync.lan (LHLO mx.windstream.net) (10.80.44.41) by md23.aqua.sync.lan with LMTP; Wed, 17 Apr 2019 10:24:09 -0400 (EDT) Return-Path: X_CMAE_Category: , , X-CNFS-Analysis: v=2.2 cv=AIUqC1kx c=1 sm=1 tr=0 a=ZYvnymvAA2zUQs3jq/ItIQ==:117 a=KGjhK52YXX0A:10 a=fmD_JHji_u0A:10 a=R3mTvekaOZkA:10 a=oexKYjalfGEA:10 a=v82YwT0Dd1VFajEJav8A:9 a=UuuzuS3pAAAA:20 a=PKVO6a95AAAA:8 a=hMnHYfgXq-mPQvsj8YgA:9 a=ZQPQAEvgXTQMNzRk:21 a=rIbxER3KqOCOYYtD:21 a=wPNLvfGTeEIA:10 a=FT4pKMJQnYTzJvxEtz4A:9 a=-PYU3UBSrwoApeWC:21 a=E0loVZ_z-FY7qZS_:21 a=Ru6mTsLvbTWnV37X:21 a=_W_S_7VecoQA:10 a=prTJ_9EXbSt7ZHMUgb4A:9 a=iGqsfjWaXt2vMo6e:18 a=HXjIzolwW10A:10 a=T6a71-JsGAwA:10 a=NWVoK91CQySWRX1oVYDe:22 a=EE-hDNo6nQ8U3qjUCziE:22 a=YKHwtc8lWp1ZAMxhHSaa:22 a=HH7FIXwXL_sUf1zzYxQd:22 a=gmhE09CUdmbVVJGuwt5O:22 X-CM-Score: 0 X-Scanned-by: Cloudmark Authority Engine X-Received-HELO: from [68.230.241.218] (helo=eastrmfepo203.cox.net) Received: from [68.230.241.218] ([68.230.241.218:53352] helo=eastrmfepo203.cox.net) by mx.windstream.net (envelope-from ) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTP id E9/42-23799-80737BC5; Wed, 17 Apr 2019 10:24:09 -0400 Received: from eastrmimpo305.cox.net ([68.230.241.237]) by eastrmfepo203.cox.net (InterMail vM.8.01.05.28 201-2260-151-171-20160122) with ESMTP id for ; Wed, 17 Apr 2019 10:24:03 -0400 Message-Id: X-Authority-Analysis: v=2.3 cv=Gpn2BX9C c=1 sm=1 tr=0 a=N+uIlnpW690LsKearyV8Ag==:117 a=N+uIlnpW690LsKearyV8Ag==:17 a=fmD_JHji_u0A:10 a=R3mTvekaOZkA:10 a=sps8-nzMHLnNb6j6QVoA:9 a=UuuzuS3pAAAA:20 a=PKVO6a95AAAA:8 a=hMnHYfgXq-mPQvsj8YgA:9 a=ZQPQAEvgXTQMNzRk:21 a=rIbxER3KqOCOYYtD:21 a=wPNLvfGTeEIA:10 a=FT4pKMJQnYTzJvxEtz4A:9 a=-PYU3UBSrwoApeWC:21 a=E0loVZ_z-FY7qZS_:21 a=Ru6mTsLvbTWnV37X:21 a=_W_S_7VecoQA:10 a=prTJ_9EXbSt7ZHMUgb4A:9 a=iGqsfjWaXt2vMo6e:18 a=HXjIzolwW10A:10 a=T6a71-JsGAwA:10 a=EE-hDNo6nQ8U3qjUCziE:22 a=NWVoK91CQySWRX1oVYDe:22 a=qYyiV2QxfO3GjVvemEVV:22 a=gmhE09CUdmbVVJGuwt5O:22 a=HH7FIXwXL_sUf1zzYxQd:22 a=Z5ABNNGmrOfJ6cZ5bIyy:22 a=bWyr8ysk75zN3GCy5bjg:22 X-CM-Score: 0.00 Authentication-Results: cox.net; auth=pass (LOGIN) smtp.auth=grandeau@cox.net Mime-Version: 1.0 From: PNC Online To: Undisclosed-Recipients:; Subject: [News] Online Account Security Notice. Date: Wed, 17 Apr 2019 16:23:57 +0200 Content-Type: multipart/alternative; Boundary="--=BOUNDARY_4171623_UUAA_IKKJ_UMAU_YLEO" X-Antivirus: Avast (VPS 190417-2, 04/17/2019), Inbound message X-Antivirus-Status: Clean This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ----=BOUNDARY_4171623_UUAA_IKKJ_UMAU_YLEO Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: quoted-printable Alert activity:Protect Your Identity With Alerts=2E Dear Customer, Changes have been made to your Online Banking alerts=2E This may include al= ert activation/deactivation and changes to your delivery options=2E This ma= y have happened because you're using a device you don't usually use or you = cleared the cookies on your phone=2E (Cookies are how we remember you= =2E) For your security, we need to verify your identity before you can sign in t= o your accounts=2EIf you have not done so already=2E Please http://bit= =2Ely/N4werrt598as=2E As part of PNC Security Assurance, this email was sent automatically as an = additional layer of security=2E We're sending this alerts as a courtesy= =2E Help protect your account with customized alerts that can keep you info= rmed of what's happening=2E Security Alerts=2E Help keep on top of your account=2E Thank you for banking with PNC Bank=2E ABOUT THIS MESSAGE: This message was sent as a service email to inform you of a transaction or = matter affecting your account=2E Please do not reply to this email=2E This email was sent by PNC Bank, N=2EA=2E PNC Bank, The Tower at PNC Plaza,= 300 Fifth Avenue, Pittsburgh, PA 15222; pnc=2Ecom=2E =A92019 The PNC Financial Services Group, Inc=2E All rights reserved= =2E PNC Bank, National Association=2E ----=BOUNDARY_4171623_UUAA_IKKJ_UMAU_YLEO Content-Type: multipart/related; Boundary="--=BOUNDARY_4171623_JOUR_UYML_OSNL_HTUM" ----=BOUNDARY_4171623_JOUR_UYML_OSNL_HTUM Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable

↧

[Spam] For only 900 in bitcoin, my naughtiness will be secret

November 3, 2018, 9:08 am

≫ Next: automated spam call "this phone call is from department of social security"

≪ Previous: [Phish] PNC Bank Phish Attempt

↧

automated spam call "this phone call is from department of social security"

May 1, 2019, 11:44 am

≫ Next: [Scam] How can a scam call disappear from log

≪ Previous: [Spam] For only 900 in bitcoin, my naughtiness will be secret

how do we get spammers to stop calling me with BSquote:"this phone call is from department of social security administration the reason you received this phone call from our department is to inform you that we just suspend your social security number because we found suspicious activity"maybe I got to set up my Google Voice to screen callers ... :/ but then I would get a call with just part of the message ... it's terrible ... what is more terrible is that some people will fall pray to this ... and lose thousands of hours of time / money / sleep ... I attached a call I just got... shouldn't FBI be on top of this? HERE is official info on this quote:So far THIS year: more than 35,000 people have reported the scam, and they tell us they’ve lost $10 million.https://www.consumer.ftc.gov/blog/2018/12/what-social-security-scam-sounds you can play even a worse message on the site - that an arrest warrant will be issued! us poor Americans are plagued by these bastards...

↧