Latest email scam to watch for

Tuesday, December 18, 2007

I had seen a warning about this earlier today, but wouldn’t have fallen for it after even the briefest review:

[Image: secure-your-credit-card scam email]

First of all, all the links (including the ones to Microsoft and all the credit card companies) point to the same scammy web address, which you can see in the final "For security your Credit Card information" line. Ingeniously, someone actually registered that domain name in order to scam the public into giving away their credit card information. You have to give them credit for that, although their nameservers are Yahoo's, so it was only a matter of time before someone woke up over there and cut them off. The site is already down.

Secondly, the scam artist claims to be from Microsoft, yet gives a non-Microsoft email address and website. Yeah, right.

Thirdly, the grammatical errors are beyond laughable:

  • "the up mentioned Credit Card companies"
  • "The securing of your Credit Card will not take longer than 3 minutes, and can spare you of loosing your hard earned money"
  • "Microsoft has sent this email in conformity with the law protected email program rules"

The email header included the following:

Return-Path: support@secure-your-credit-card.com

Received: from stonefive.com ([69.27.20.174]) by mx.google.com with ESMTP id 5si706804nzk.2007.12.18.17.17.02; Tue, 18 Dec 2007 17:17:03 -0800 (PST)

Received-SPF: neutral (google.com: 69.27.20.174 is neither permitted nor denied by best guess record for domain of support@secure-your-credit-card.com) client-ip=69.27.20.174;

Authentication-Results: mx.google.com; spf=neutral (google.com: 69.27.20.174 is neither permitted nor denied by best guess record for domain of support@secure-your-credit-card.com) smtp.mail=support@secure-your-credit-card.com

Received: from ts1.albblaw.local ([69.54.73.162]) by stonefive.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 18 Dec 2007 17:35:45 -0700

From: "Microsoft" <support@secure-your-credit-card.com>

I’m not sure if that means that the stonefive.com SMTP server or the IP address 69.27.20.174 were hijacked for this purpose.
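The checks this post applies by eye (the "Microsoft" display name against the real address domain, the SPF verdict, and which host handed the message to Google) can be run over the headers quoted above. This is an added example, not code from the original post; the BRAND_DOMAINS map and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the post (blank lines between them removed).
RAW_HEADERS = """\
Return-Path: support@secure-your-credit-card.com
Received: from stonefive.com ([69.27.20.174]) by mx.google.com with ESMTP id 5si706804nzk.2007.12.18.17.17.02; Tue, 18 Dec 2007 17:17:03 -0800 (PST)
Received-SPF: neutral (google.com: 69.27.20.174 is neither permitted nor denied by best guess record for domain of support@secure-your-credit-card.com) client-ip=69.27.20.174;
Authentication-Results: mx.google.com; spf=neutral (google.com: 69.27.20.174 is neither permitted nor denied by best guess record for domain of support@secure-your-credit-card.com) smtp.mail=support@secure-your-credit-card.com
Received: from ts1.albblaw.local ([69.54.73.162]) by stonefive.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 18 Dec 2007 17:35:45 -0700
From: "Microsoft" <support@secure-your-credit-card.com>
"""

# Assumption: brand names mapped to the domain their real mail would use.
BRAND_DOMAINS = {"microsoft": "microsoft.com"}

def in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)

def analyze_headers(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    findings = []
    # 1. Display name claims a brand that the address domain does not belong to.
    for brand, domain in BRAND_DOMAINS.items():
        if brand in display.lower() and not in_domain(from_domain, domain):
            findings.append(f"display name claims {brand} but address is @{from_domain}")
    # 2. SPF verdict recorded by the receiving server; anything but "pass" is unverified.
    match = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = match.group(1).lower() if match else "none"
    if spf != "pass":
        findings.append(f"SPF result is {spf}, not pass")
    # 3. Received headers are newest-first. Only the top one was written by the
    #    recipient's own server; the name after "from" is what the sender claimed.
    hops = []
    for value in msg.get_all("Received", []):
        hop = re.search(r"from\s+(\S+)\s+\(\[([\d.]+)\]\)", value)
        if hop:
            hops.append((hop.group(1), hop.group(2)))
    if hops and not in_domain(hops[0][0], from_domain):
        findings.append(f"relayed by {hops[0][0]} [{hops[0][1]}], not a {from_domain} host")
    return {"from_domain": from_domain, "spf": spf, "hops": hops, "findings": findings}

if __name__ == "__main__":
    for finding in analyze_headers(RAW_HEADERS)["findings"]:
        print(finding)
```

The relay mismatch is a weak signal on its own, since plenty of legitimate mail goes out through third-party servers; it matters here because it appears together with the other two.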
