Nice Try

Posted on February 7, 2005 in Scoundrels

I received one of those fake emails which purport to be notices that someone has used my account for fraudulent purposes at eBay. I went to the URL (http://www.secure66.nocdirect.com/~jdjrewsh/ebay/) and found an invitation to list my credit card information “for purposes of verfication”. “Just give us the number and we’ll do the rest.”

Yeah, right. Nice try.

Full header information for those who want to see what a hacker’s identification looks like:

eturn-Path: <>
Received: from [10.1.1.26] (HELO m26.spamarrest.com)
by spamarrest.com (CommuniGate Pro SMTP 4.2b8)
with ESMTP id 47690574 for gazissax; Mon, 07 Feb 2005 00:05:41 -0800
Return-Path:
Delivered-To: gazissax@gazissax.best.vwh.net
Received: (qmail 48014 invoked by uid 19550); 7 Feb 2005 05:12:50 -0000
Received: from unknown (HELO best1.best.com) ([128.121.214.246])
(envelope-sender )
by 192.220.76.94 (qmail-ldap-1.03) with SMTP
for ; 7 Feb 2005 05:12:50 -0000
Received: from pulsar.nocdirect.com (pulsar.nocdirect.com [69.73.175.125])
by best1.best.com (8.12.11/8.12.11) with ESMTP id j175AfF7011524
for ; Sun, 6 Feb 2005 21:10:42 -0800 (PST)
Received: from nobody by pulsar.nocdirect.com with local (Exim 4.43)
id 1Cy1CD-00015g-Mu
for gazissax@best.com; Sun, 06 Feb 2005 23:12:25 -0600
To: gazissax@best.com
Subject: eBay Registration Suspension
From: “aw-confirm@ebay.com”
Reply-To: aw-confirm@ebay.com
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Message-Id:
Date: Sun, 06 Feb 2005 23:12:25 -0600
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – pulsar.nocdirect.com
X-AntiAbuse: Original Domain – best.com
X-AntiAbuse: Originator/Caller UID/GID – [99 32003] / [47 12]
X-AntiAbuse: Sender Address Domain – pulsar.nocdirect.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: djrewshforum.com:/public_html/php
Status:
X-SA-Poll-Id: 3f9f62e000068329..1..1107753145000