I’ve been promising to do this for quite some time, and now I guess I just got caught in the wrong mood!
I’ve set up this category to help people learn about: spam, blocking spam, filtering spam, and recognize spam emails. So, here’s the first of several spam articles to teach you about spam email.
My take is that if you want spam, you’re going to get published here!
I received this e-mail this morning. (The only thing I’ve removed is the name on the e-mail address because it may have been spoofed.)
Subject: Microsoft Award Notification
From: “Rene Lingenfelter” <XXXXX@students.uwf.edu>
Date: Sat, 5 Jul 2008 20:38:52 -0500
BCC:
Microsoft Award Team
20 Craven Park, Harlesden
London NW10, United Kingdom.
Batch number: 12/25/0340
Ref number: MSN-L/200-26937
Winning number: TA09788
Microsoft Award Notification
This is to inform you that you have won a prize money of FIVE HUNDRED THOUSAND POUND (£500,000.00) for the New Edition 2008 Lottery promotion which is organized by YAHOO LOTTERY INC & WINDOWS LIVE.
YAHOO & MICROSOFT WINDOWS, collects all the email addresses of the people that are active online, among the millions that subscribed to Yahoo and Hotmail we only select five people every Month as our winners through electronic balloting System without the winner applying, we congratulate you for being one of the people selected.
PAYMENT OF PRIZE AND CLAIM
You are to contact your Claims Agent with immediate effect to facilitate the protocol of your winning prized before the date of Claim, Winners Shall be paid in accordance with his/her Settlement Centre Prize must be claimed not later than 15 days from date of Draw Notification after the Draw date in which Prize has won. Any prize not claimed within this period will be forfeited.
These are your identification numbers:
Batch number……………….12/25/0340
Reff number…………………..MSN-L/200-26937
Winning number……………….TA09788
To begin your claim please contact our licensed and accredited agent assigned to you
MR. Terry Martins
(VERIFICATION DEPARTMENT MANAGER)
Email: mr_terrymartins1977@hotmail.com
[THIS E-MAIL ADDRESS HAS NOT BEEN CHANGED BECAUSE IT IS REQUESTING YOU RESPOND TO IT. THAT MEANS THIS IS THE PARTY COLLECTING THE INFORMATION REQUESTED HERE!]
<mhtml:{DB4EB49B-F16E-4DF7-BB5E-C6AF6CDA3D5B}mid://00000002/!x-usc:mailto:mr_terrymartins1977@hotmail.comt>
Tel: +44-703-190-9638
Tel: +44-703-196-8309
Fax: +44 870 471 6651
You are therefore advised to send the following information to the claims agent to facilitate them and in order for them to have access in proceeding with the transferr of your funds to your nominated bank account.
1. Full name…………
2. Country…………..
3. Contact Address……..
4. Telephone Number…….
5. Marital Status………
6. Occupation………….
7. Company…………..
8. Age………………..
Msn Lottery Prize must be claimed not later than 15 days from date of Draw Notification after the Draw date in which Prize has won. Any prize not claimed within this period will be forfeited.
Congratulations!! once again.
Yours in service,
Mrs. Rene Lingenfelter.
(Operation Manager)
The headers from the e-mail which shows where it is really coming from (my own personal information removed)
From - Sun Jul 06 08:09:57 2008
X-Account-Key: xxxxxxxxxxx
X-UIDL: UID20969-1183126117
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys: Return-path: <prvs=1066ca1b57=rwl1@students.uwf.edu>
Envelope-to: xxxxxxxxx@mice.org Delivery-date: Sat, 05 Jul 2008 18:41:10 -0700
Received: from alpha.uwf.edu ([143.88.1.66] helo=uwf.edu) by xxxxx.XXXXXXXXXXX.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.68) (envelope-from <prvs=1066ca1b57=rwl1@students.uwf.edu>)
id 1KFJFP-000201-MP for xxxxxxx@xxxx.org; Sat, 05 Jul 2008 18:41:10 -0700
Received: from ([143.88.1.121])
by alpha.uwf.edu with ESMTP id KP-BRBWA.70787433;
Sat, 05 Jul 2008 20:39:40 -0500 Received: from XSTVS.argo.uwf.edu ([10.10.0.47]) by mail.uwf.edu with Microsoft SMTPSVC(6.0.3790.3959); Sat, 5 Jul 2008 20:39:39 -0500 X-MimeOLE:
Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message MIME-Version: 1.0
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable Subject: Microsoft Award Notification
Date: Sat, 5 Jul 2008 20:38:52 -0500
Message-ID: <EA842B533AA9DB44BC514533D895A00231CD9A@XSTVS.argo.uwf.edu>
X-MS-Has-Attach: X-MS-TNEF-Correlator:
Thread-Topic: Microsoft Award Notification
Thread-Index: AcjfCQqKkpG3harLRt+XJAXAN2RCzQ== From: “Rene Lingenfelter” <xxxxx@students.uwf.edu>
Bcc:
X-OriginalArrivalTime: 06 Jul 2008 01:39:39.0790 (UTC) FILETIME=[27F18AE0:01C8DF09]
X-Spam-Status: No, score=-0.8 X-Spam-Score: -7 X-Spam-Bar: / X-Spam-Flag: NO
First of all, Microsoft, nor Yahoo cooperate in any kind of lottery. Not AOL, MSN, Hotmail, or any other mail host! THIS IS A HOAX and a phishing e-mail! And if I do say so, a pretty lame one at that!
The hoax part is the stupid Lottery in the first place - NO SUCH THING.
The phishing part is the information they are looking for. They are asking you to verify your winnings by giving your full name, address, phone, marital status, age, occupation, and company. Can you say, “Identity Theft?”
The mail headers do not looked spoofed to me so it appears that this e-mail did come from the University of West Florida. Perhaps a student sent it or there is a botnet sending spam from their servers. Only the school knows for sure.
Here’s the IP address lookup that shows that IP address in the message header is coming from the University:
If this is a student doing it to be funny or cute, you need to pay more attention to your school work. It’s not funny, nor is it cute.
If this is a spammer using the school’s server for sending out this information, BUSTED! My advice to the school IT department is to check for botnets and rootkits on every single machine at the University!
And if the owner of this e-mail and phisher for the information is alias: mr_terrymartins1977@hotmail.com, may you spend eternity in e-mail hell because this kind of garbage makes my e-mail hell!
Many more to come!
PS I didn’t try the phone numbers because they are probably bogus too!
Do you enjoy this blog? Then buy me a coffee or send me a tip! May I suggest $3 for a Venti (extra-large) cup of Starbucks Carmel Macchiato? You can also choose any amount you wish.
Recent Comments