Monday, December 18, 2017

Someone has your password


from:g o o g l e info@orion1148.startdedicated.net via ec2-52-88-141-0.us-west-2.compute.amazonaws.com 
reply-to:reply@hocgioi.org,
reply@franklinsgunemporium.com,
reply@lavaloungeny.com,
wk@dreammovies.com,
wk@milfmovs.com,
wk@media.net,
wk@teensnow.com,
wk@ec2-13-54-123-19.ap-southeast-2.compute.amazonaws.com
to:"97,190.16Kh.inbox@amfd02.alpha-mail.net> <" <xxxxxxxx@oc96s.4d3en.74ezg.__rand>

It is required that you reply within the next 24 hours, We will suspend access to your account if we don't recieve your reply within the given time frame, We would appreciate your immediate attention to this matter

Ok, let's take a look at a few things on this one.  In the from line, check out how the word "Google" isn't capitalized, and there's a space between each letter.  That's a tactic they use to avoid spam filters.  Would Google send me an email from "startdedicated.net?"  Nope.  

Let's count the reply-to addresses.  8 of them?  Here's why.  If I was to reply to this email, that confirms to all of those addresses that my email is valid - giving them a place to send spam and/or attempt to hack.

To address is interesting here too.  Look at the very end.  _rand.  As in random.  They're trying random addresses to find live ones.

The body of the email itself is written unprofessionally with poor grammar and the word receive is misspelled.  Really, guys?  Definitely not from an entity like Google...

1 comment:

  1. These same addresses asked if I had received their money transfer.

    ReplyDelete

Thank you for your comment. All comments require moderator approval before they are published.