Don't obsess on the message headers. Look at the scam site (the URL is
cloaked in the e-mail):
https://www.e-gold.cc/acct/manager.htm
Unencoded, the HTML appears to be stuffing stolen account info into a page
called https://a.e-gold.cc/acct.php
In other words, there's no throwaway Hotmail drop box, etc. All the goods
are right on that server, which appears to be hosted by Hurricane Electric
(he.net) in Cal.
They even have an SSL certificate, although you don't need to use https to
access the site.
Clever scam, but I wonder how many victims they can hope for. It sounds
like they're blindly spamming out that e-mail and don't have a customer
list, although they could probably put one together from here:
http://www.e-gold.com/unsecure/lists.html
Brian
At 01:02 PM 11/15/2002, Tim May wrote:
On Friday, November 15, 2002, at 08:59 AM, Tim May wrote:
I received a similar letter, and also one from PayPal/EBay which was
quite similar in language. The full headers of the E-gold letter are
included at the end of this message.
Here are the headers of the E-gold message I got:
From:
[demime 0.97c removed an attachment of type image/tiff which had a name
of image.tiff]
The headers got demimed, at least on the version I got back from lne.com.
So, I hope what follows is plain text only. (My editors say it is.)
From [EMAIL PROTECTED] Fri Nov 15 08:05:42 2002
Received: by sphinx (mbox tcmay)
(with Cubic Circle's cucipop (v1.31 1998/05/13) Fri Nov 15 08:10:44 2002)
X-From_: [EMAIL PROTECTED] Fri Nov 15 07:31:14 2002
Return-Path: [EMAIL PROTECTED]
Received: from psmtp.com (exprod5mx17.postini.com [64.75.1.157])
by sphinx.got.net (8.12.2/8.12.2/Debian -5) with SMTP id
gAFFVDap010192
for [EMAIL PROTECTED]; Fri, 15 Nov 2002 07:31:14 -0800
Received: from source ([24.51.87.108]) by exprod5mx17 ([64.75.1.245]) with
SMTP;
Fri, 15 Nov 2002 10:31:13 EST
Received: from 216.53.150.250 (HELO maple.omnipay.net)
by smtp.c000.snv.cp.net (209.228.32.87) with SMTP; Fri, 15 Nov
2002 15:31:32 +
Received: by MAPLE with Internet Mail Service (5.5.2655.55)
id TBHXL3DL; Fri, 15 Nov 2002 15:31:32 +
From: Service EG [EMAIL PROTECTED]
To: e-gold customer [EMAIL PROTECTED]
Subject: [e-gold-service] We have set a value limit on your e-gold account
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Internet Mail Service (5.5.2655.55)
Date: Fri, 15 Nov 2002 15:31:32 +
Message-ID: h0jrog#fxvwrphuh0jrog#fxvwrphu@MAPLE
Mime-Version: 1.0
Content-Type: text/html; charset=iso-8859-1