Results 1 to 14 of 14
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, WA, USA
    Posts
    15
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Fake email pretending to be from Windows Secrets, but really from hostgator

    11:38a Pacific I got mail purporting to be from Windows Secrets, but in reality the headers looked a bit different:


    Subject: Can you really make money with surveys?
    X-PHP-Script: "email obscured purposely" for 178.86.6.97
    From: Windows Secrets <Ivor@windowssecrets.com>
    Reply-To:"email obscured purposely"
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1TDgD7-0006ol-3i@gator742.hostgator.com>
    Date: Mon, 17 Sep 2012 13:38:21 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - gator742.hostgator.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [995 32003] / [47 12]
    X-AntiAbuse: Sender Address Domain - gator742.hostgator.com
    X-BWhitelist: no
    X-Source: /usr/bin/php
    X-Source-Args: /usr/bin/php /home/tgt038/public_html/mlynchlandscapes.co.uk/wp-content/plugins/akismet/legacy.php
    X-Source-Dir: sevenoaksbuilder.com:/public_html/mlynchlandscapes.co.uk/wp-content/plugins/akismet
    X-Source-Sender:
    X-Source-Auth: tgt038
    X-Email-Count: 62
    X-Source-Cap: dGd0MDM4O3RndDAzODtnYXRvcjc0Mi5ob3N0Z2F0b3IuY29t

    Last edited by Medico; 2012-09-17 at 20:21.

  2. #2
    New Lounger
    Join Date
    Jul 2004
    Location
    Pennsylvania, USA
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    Mine looks like this:

    Subject: Can You Make Money With Surveys?
    X-PHP-Script: "email obscured purposely" for 178.86.6.97
    From: Windows Secrets < "email obscured purposely">
    Reply-To: "email obscured purposely"
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 8bit
    Message-Id: < "email obscured purposely">
    Date: Mon, 17 Sep 2012 14:21:55 -0400
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - sin2.hostdime.in
    X-AntiAbuse: Original Domain - arrowsmithfamily.com
    X-AntiAbuse: Originator/Caller UID/GID - [615 32003] / [47 12]
    X-AntiAbuse: Sender Address Domain - sin2.hostdime.in
    X-Source: /usr/bin/php
    X-Source-Args: /usr/bin/php /home/jobcaree/public_html/innovationluggage.org/wp-content/plugins/akismet/legacy.php
    X-Source-Dir: jobcareerguru.com:/public_html/innovationluggage.org/wp-content/plugins/akismet
    X-Nonspam: None
    Last edited by Medico; 2012-09-17 at 20:19.
    --
    Don

  3. #3
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Thanks for letting us know.

  4. #4
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    This is the same Rui.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  5. #5
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    These are fake emails spoofing to be Windows Secrets. THEY ARE NOT from WS. Please either delete these or add a post here. This may allow our administrators to track down these individuals responsible for this phishing attack.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  6. #6
    New Lounger
    Join Date
    Feb 2011
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Fake email re making money from filling out surveys

    Kinda aimed at the wrong audience, n'est as? I would think most subscribers to Windows Secrets would know this was a scam. .............
    Delivered-To: xxxxx
    Received: by 10.64.8.49 with SMTP id o17csp1476iea;
    Mon, 17 Sep 2012 11:43:58 -0700 (PDT)
    Received: by 10.68.234.65 with SMTP id uc1mr23792180pbc.89.1347907435870;
    Mon, 17 Sep 2012 11:43:55 -0700 (PDT)
    Return-Path: <ylje@server3.jehzeel.com>
    Received: from server3.jehzeel.com (server3.jehzeel.com. [69.175.66.2])
    by mx.google.com with ESMTPS id px6si16670393pbc.34.2012.09.17.11.43.55
    (version=TLSv1/SSLv3 cipher=OTHER);
    Mon, 17 Sep 2012 11:43:55 -0700 (PDT)
    Received-SPF: pass (google.com: best guess record for domain of "email obscured purposely" designates 69.175.66.2 as permitted sender) client-ip=69.175.66.2;
    Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of "email obscured purposely" designates 69.175.66.2 as permitted sender) smtp.mail=ylje@server3.jehzeel.com
    Received: from ylje by server3.jehzeel.com with local (Exim 4.77)
    (envelope-from <ylje@server3.jehzeel.com>)
    id 1TDgIT-004M90-Kp
    for "email obscured purposely"; Mon, 17 Sep 2012 13:43:53 -0500
    To: xxxxx
    Subject: $50 for your first survey!
    From: Windows Secrets <Ignatius@windowssecrets.com>
    Reply-To: "email obscured purposely"
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 8bit
    Message-Id: <E1TDgIT-004M90-Kp@server3.jehzeel.com>
    Date: Mon, 17 Sep 2012 13:43:53 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname - server3.jehzeel.com
    X-AntiAbuse: Original Domain - gmail.com
    X-AntiAbuse: Originator/Caller UID/GID - [778 775] / [47 12]
    X-AntiAbuse: Sender Address Domain - server3.jehzeel.com

    Hi,

    When you join GetCashForSurveys today, you will receive $50 free when you take your first paid survey!

    We are not going to offer this special offer for much longer, so take advantage of this
    opportunity while you can!

    Click Here To Get Started Now! "email obscured purposely"
    It may sound hard to believe, but it\'s true. There are thousands of companies out there who are willing to pay for your opinions regarding their products. This is an
    important part of product research, and they rely on people just like you for
    your honest opinion!

    One man has single-handedly put together the largest database of companies that hire people just like you, to give their opinions on products.

    Imagine getting paid for doing things like:

    - Trying out new menu items from popular restaurants
    - Take short surveys about new cars that are coming out soon
    - Give your opinion about new clothing and shoe designs

    Click Here To Get Started Now! "email obscured purposely"

    When you join, you\'ll have access to all of these companies hand selected by me, Gary Mitchell.

    Taking a few paid surveys in your spare time can really make a difference in your income.

    Try it out, and remember, you get $50 for your first paid survey!

    Click Here To Get Started Now! "email obscured purposely"

    Regards,
    Gary Mitchell
    Last edited by Medico; 2012-09-17 at 20:20.

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    There is no need to keep posting more email contents. It's obvious they are not from WindowsSecrets. Do not download anything or visit any links from such emails.

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, WA, USA
    Posts
    15
    Thanks
    3
    Thanked 0 Times in 0 Posts
    I don't know how widespread this is, but someone who really is from Windows Secrets might want to include something in the next newsletter warning about such phishing to Windows Secrets members. I suppose it's possible they're sending them to a larger list and they are just more likely to be accepted by subscribers. Although, given what I would guess to be a greater amount of computer savvy among subscribers, perhaps that wouldn't be the case.

    -Eric

  9. #9
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post
    Quote Originally Posted by ruirib View Post
    There is no need to keep posting more email contents. It's obvious they are not from WindowsSecrets. Do not download anything or visit any links from such emails.
    So what is the policy anyway???
    You ( an Admin ) says to not bother posting any more of these email contents. yet a couple of posts earlier, Super Mod, medico, say "add a post here to allow our admins to track down those responsible,etc., etc,"
    I came back here to notify WS of the obvious Spam by this Gary Mitchell guy who now wants you to make $20 in 8 minutes online? ( sure thing, Gary )
    now using an address of "email obscured purposely".
    Are you now doing nothing to get rid of obvious spammers?

    [Posted by a former VIP member.]
    Last edited by Medico; 2012-09-18 at 18:19.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  10. #10
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Windows Secrets is aware of the issue, as reported on the home page, and is looking into it:

    Important Notice: You might have recently received spam e-mail that appears to have come from Windows Secrets. We can assure you, it did not come from us. We are investigating the issue. Our sincere apologies.
    - The Windows Secrets staff

    As I said, there is absolutely no point in posting endless copies of similar emails here, with obviously fake email addresses and from fictional characters. They will add nothing to the investigation that is going on.

    This is the Windows Secrets Lounge. Most members of the moderation team have no relation to Windows Secrets or iNet Interactive. As such, we did what we could do - reported the situation. All we can say is that it was reported and the reply from Windows Secrets is the one I posted before.

    From our point of view, that is from the Lounge point of view, which is where I am an Admin, that's all we can do. I am sure Windows Secrets will provide more information as soon as it is available.

  11. #11
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I agree that we have received more than enough of these fake emails. Initially it seemed an isolated case, but suddenly blossomed into a full fledged attack. I have personally reported this to the iNet administrator. He is working on the phishing problem. It appears this just started today. This morning when I first signed on, I read the first report of this problem, and this was presented in the Contact Us section by a non-member. I started the reporting process at that time. I also do not have the expertise or access to the Lounge S/W to personally track this, so I report it to the appropriate person to do so.

    I can also personally state that we are taking spammers seriously. There have been many filters put in place to stop spammers. In addition we have manually banned many spammers trying to ply their garbage in the Lounge. We have been very proactive in ridding the Lounge of these individuals. I personally check every new member I see, and check every member signed on when I sign on.
    Last edited by Medico; 2012-09-18 at 15:19.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  12. #12
    New Lounger
    Join Date
    Sep 2012
    Location
    Massachusetts
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts

    email spam mailing list

    I think it would be interesting to know if any of the email addresses receiving this spam are NOT on the Windows Secrets mailing list. I guess I'd be surprised if Windows Secrets was high profile enough that spammers would be send this out to random emails assuming people would recognize the sender.

  13. #13
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    As I stated, We did receive a comment in the Contact Us section that was a non-member (not registered at Windows Secrets) stating he had received this email.

    Unfortunately hackers and spammers are constantly attempting to exploit forums such as ours to their advantage. Our administration is working diligently to stop these phishing attempts and preventing the same in the future.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  14. #14
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    This phishing/spamming problem's solution has been found. Please read the official announcement here.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •