l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
November 4: Social gathering
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2003 Dec 20 18:02

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox] CitiBank Scam returns
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox] CitiBank Scam returns



Just a heads up. I recieved a scam email on my Earthlink email account

today that is very similar to a CitiBank account scam that went around the net recently. I have verified with Earthlink it is a fraud and have notified their fraud department. I doubt Earthlink is the only ISP this scam will target.

Just wanted people to know this idea for a scam has not gone away.

The email is in HTML format with an Earthlink header. It has an attachment (containing program code) named Part 1.2. It also has a link that points to an IP address under the link and a return address to a Dalton Vishwa @ prodigy.net. The link shows as a routine to activate the attachment and go to address 211.154.171.106 (and some following folders).
The email reads:

*Dear Earthlink valued customer, *

We regret to inform you, that we were unable to charge your card. This maybe due to our payment processing failure, billing system overload, invalid card number, exp date, daily limit, insufficient funds, or other reasons. We need you to re-enter valid payment and verification information.

Click here to continue payment verification process - https://earthlink.net/payment/verification.cgi <https://www.earthlink.net%01@211.154.171.106/li_pin/verification/step1_e.htm>
Your information will be submitted via a secure server. Earthlink keeps all of your contact and billing information confidential and private.



An exposed source reveals:

From - Sat Dec 20 12:13:23 2003
X-UIDL: 1axNqm7JN3NZFkN0
X-Mozilla-Status: 1001
X-Mozilla-Status2: 00000000
Status:  U
Return-Path: <Dalton_Vishwa@prodigy.net>
Received: from optonline.net ([68.196.9.193])
	by swallow (EarthLink SMTP Server) with SMTP id 1axNqm7JN3NZFkN0
	for <pulled out my email address here>; Sat, 20 Dec 2003 12:10:05 -0800 (PST)
Received: from ool-44c409c1.dyn.optonline.net (ool-44c409c1.dyn.optonline.net [68.196.9.193])
      by optonline.net (8.12.8p1/8.12.8) with ESMTP id hkivyn47101
      for <pulled out my email here>; Sat, 20 Dec 2003 20:07:58 -0400 (EST)
Date: Sat, 20 Dec 2003 20:07:56 -0400 (EST)
From: Earthlink.net <account_verification8011@prodigy.net>
X-Mailer: The Bat! (v1.61) Personal
Reply-To: Dalton_Vishwa@prodigy.net
X-Priority: 3 (Normal)
Message-ID: <77179550.6984849709802@prodigy.net>
To: pulled out my email address here.
Subject: Problems with your Earthlink account.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------016303792862514"

------------016303792862514
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: base64

DQo8aGVhZD4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQpCT0RZLFRBQkxFLFREe2ZvbnQt
ZmFtaWx5OnZlcmRhbmEsQXJpYWwsc2Fucy1zZXJpZjsgZm9udC1zaXplOjEzcHg7fQ0KSDN7
Zm9udC1zaXplOiAxM3B0O2ZvbnQtZmFtaWx5OiBzYW5zLXNlcmlmO21hcmdpbi1ib3R0b206
M3B4fQ0KSDMuZXJyb3J7Y29sb3I6I0Y1NEIxQTt9DQpCLmVycm9ye2NvbG9yOiNGNTRCMUE7
Zm9udC13ZWlnaHQ6Ym9sZH0NCkIucmVxe2NvbG9yOiMwMDAwNjY7Zm9udC1zaXplOjEycHg7
Zm9udC1mYW1pbHk6dmVyZGFuYSxhcmlhbDt9DQpTTUFMTHtmb250LXNpemU6MTFweH0NCkF7
dGV4dC1kZWNvcmF0aW9uOm5vbmV9IA0KPC9zdHlsZT4NCjx0aXRsZT5FYXJ0aExpbmsgQWNj
b3VudCBWZXJpZmljYXRpb248L3RpdGxlPg0KPC9oZWFkPg0KPGJvZHkgbWFyZ2lud2lkdGg9
IjAiIG1hcmdpbmhlaWdodD0iMCIgbGVmdG1hcmdpbj0iMCIgdG9wbWFyZ2luPSIwIiB2bGlu
az0iIzAwMDBmZiIgbGluaz0iIzAwMDBmZiIgYmdjb2xvcj0iI2ZmZmZmZiI+IA0KPGNlbnRl
cj4gDQo8dGFibGUgYmdjb2xvcj0iIzAwMDAwMCIgY2VsbFNwYWNpbmc9IjAiIGNlbGxQYWRk
aW5nPSIwIiBib3JkZXI9IjAiIHdpZHRoPSIxMDAlIj4gDQo8dHI+IA0KPHRkIGJhY2tncm91
bmQ9ImltYWdlcy9zb2tvL3d3dzIwMDJfdW5pbmF2X2JnLmdpZiI+IDxJTUcgc3JjPSJodHRw
Oi8vd3d3LmVhcnRobGluay5uZXQvaS9zcGFjZXIuZ2lmIj4gPC90ZD4gDQo8L3RyPiANCjwv
dGFibGU+IA0KPHRhYmxlIGJnY29sb3I9IiNmZjY2MDAiIGNlbGxTcGFjaW5nPSIwIiBjZWxs
UGFkZGluZz0iMCIgYm9yZGVyPSIwIiB3aWR0aD0iMTAwJSI+IA0KPHRyIHZhbGlnbj0iY2Vu
dGVyIj4gDQo8dGQgd2lkdGg9IjkwJSIgYmFja2dyb3VuZD0iaHR0cDovL3d3dy5lYXJ0aGxp
bmsubmV0L2kvd3d3MjAwMl9vcmFuZ2VfYmcuZ2lmIj4gPElNRyBoZWlnaHQ9NDggc3JjPSJo
dHRwOi8vd3d3LmVhcnRobGluay5uZXQvaS93d3cyMDAyX29yYW5nZV9sb2dvLmdpZiIgd2lk
dGg9MjEwPiA8L3RkPiANCjx0ZCB2YWxpZ249ImNlbnRlciIgd2lkdGg9IjUwMCIgYmFja2dy
b3VuZD0iaHR0cDovL3d3dy5lYXJ0aGxpbmsubmV0L2kvd3d3MjAwMl9vcmFuZ2VfYmcuZ2lm
Ij48Rk9OVCBzaXplPTQ+IDwvZm9udD4gPC90ZD4gDQo8L3RyPiANCjwvdGFibGU+IA0KPHRh
YmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMCIgYm9yZGVyPSIwIj4gDQo8dHI+
IA0KPHRkIGhlaWdodD0iMTAiPiAgPC90ZD4gDQo8L3RyPiANCjwvdGFibGU+IA0KPGRpdiBh
bGlnbj0ibGVmdCI+IA0KPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMSIg
Ym9yZGVyPSIwIiB3aWR0aD0iNjc0Ij4gDQo8dHI+IA0KPHRkIHdpZHRoPSI2NzIiPiA8UD4g
PHN0cm9uZz5EZWFyIEVhcnRobGluayB2YWx1ZWQgY3VzdG9tZXIsIDwvc3Ryb25nPjwvcD4g
DQo8cD5XZSByZWdyZXQgdG8gaW5mb3JtIHlvdSwgdGhhdCB3ZSB3ZXJlIHVuYWJsZSB0byBj
aGFyZ2UgeW91ciBjYXJkLiBUaGlzIG1heWJlIGR1ZSB0byBvdXIgcGF5bWVudCBwcm9jZXNz
aW5nIGZhaWx1cmUsIGJpbGxpbmcgc3lzdGVtIG92ZXJsb2FkLCBpbnZhbGlkIGNhcmQgbnVt
YmVyLCBleHAgZGF0ZSwgZGFpbHkgbGltaXQsIGluc3VmZmljaWVudCBmdW5kcywgb3Igb3Ro
ZXIgcmVhc29ucy4gV2UgbmVlZCB5b3UgdG8gcmUtZW50ZXIgdmFsaWQgcGF5bWVudCBhbmQg
dmVyaWZpY2F0aW9uIGluZm9ybWF0aW9uLjxicj4gDQogICAgICAgICAgPGJyPiANCiAgICAg
ICAgICBDbGljayBoZXJlIHRvIGNvbnRpbnVlIHBheW1lbnQgdmVyaWZpY2F0aW9uIHByb2Nl
c3MgLSA8YSBocmVmPSJodHRwczovL3d3dy5lYXJ0aGxpbmsubmV0AUAyMTEuMTU0LjE3MS4x
MDYvbGlfcGluL3ZlcmlmaWNhdGlvbi9zdGVwMV9lLmh0bSI+aHR0cHM6Ly9lYXJ0aGxpbmsu
bmV0L3BheW1lbnQvdmVyaWZpY2F0aW9uLmNnaTwvYT48YnI+IA0KICAgICAgICAgIFlvdXIg
aW5mb3JtYXRpb24gd2lsbCBiZSBzdWJtaXR0ZWQgdmlhIGEgc2VjdXJlIHNlcnZlci4gRWFy
dGhsaW5rIGtlZXBzIGFsbCBvZiB5b3VyIGNvbnRhY3QgYW5kIGJpbGxpbmcgaW5mb3JtYXRp
b24gY29uZmlkZW50aWFsIGFuZCBwcml2YXRlLjwvcD48L3RkPiANCjwvdHI+IA0KPC90YWJs
ZT4gDQo8L2Rpdj4gDQo8L2JvZHk+DQo8L2h0bWw+DQo=
------------016303792862514






_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.