Fraudsterii sunt din ce in ce mai disperati  

Thrown (Ţâpat) in , , ,

M-a contactat recent cineva care vroia sa stea de vorba. Era cica o femeie din California si vroia sa vina sa ma vada. Investigatia care urmeaza ar putea sa-ti fie folositoare. Iata un log al conversatiei noastre

Session Start (zam0lx1s:jb): Mon Jan 21 08:55:54 2008 [08:55] jb: love to talking with u sometimes [08:55] *** Auto-response sent to jb: wrkn ttyl [08:55] *** (Link: yahoo://0:yahoo-profile:jb)jb has added you to their contact list. You may choose to (Link: yahoo://1:yahoo-accept:jb)accept or (Link: yahoo://1:yahoo-deny:jb)deny this action. You may also (Link: yahoo://1:yahoo-add:jb)add this user to your contact list or (Link: yahoo://1:yahoo-ignore:jb)ignore this user. [08:56] jb: u there??? [08:56] jb: cmon talk back [08:56] jb: [09:12] zam0lx1s: who r u? [09:12] jb: am juli [09:12] jb: got yah profile from yahoo members [09:12] *** "jb" signed on at Mon Jan 21 09:12:59 2008. [09:13] zam0lx1s: i was just about to leave [09:13] zam0lx1s: tell me more about u [09:13] jb: ok [09:13] jb: am jjuli [09:13] zam0lx1s: can't see much in your profile :) [09:13] *** You have been successfully added to jb's contact list. [09:13] jb: i stay in california...................i love meeting people, myname is juliana [09:13] jb: am a lil bit tall [09:14] zam0lx1s: i got the same problem :) [09:14] jb: still very much new to the internet stuffs [09:14] zam0lx1s: how old r u? [09:15] jb: am 32 years [09:15] jb: and u?? [09:15] zam0lx1s: about the same [09:15] jb: thats cool [09:15] jb: cant i see u?? [09:16] zam0lx1s: you mean, video or photo? [09:16] jb: i mean photo [09:16] zam0lx1s: sure. but let me see yours first [09:16] jb: what u using to talk with me?? [09:17] zam0lx1s: why? [09:17] zam0lx1s: oh, you can't send it straight, i use trillian [09:17] jb: i cant send file here............. [09:17] zam0lx1s: it's a bit quirky [09:17] jb: i cant send my pics via the file [09:17] zam0lx1s: do you have an online photo album? [09:18] jb: yeah [09:19] jb: i have my pics showing on the diaplay avatar [09:19] zam0lx1s: i guess i have to log off and log in again to see it Session Close (jb): Mon Jan 21 09:19:54 2008 Session Start (zam0lx1s:jb): Mon Jan 21 09:20:22 2008 [09:20] jb: your eye only [09:20] jb: wanna see the rest of u [09:20] zam0lx1s: me 2 :) [09:20] zam0lx1s: alright, i'll go foist [09:20] zam0lx1s: hold on [09:21] jb: ok [09:21] jb: be quick about it [09:23] zam0lx1s: just one of them [09:23] zam0lx1s: (Link: (...)) [09:25] zam0lx1s: now let me see more of u [09:25] jb: can i send mine to your email?? [09:25] zam0lx1s: sure, [censored] [09:28] zam0lx1s: will u b much longer? gotta go soon... [09:28] jb: i have sent it already [09:29] jb: no [09:29] jb: i will soon take my leave [09:30] zam0lx1s: did not receive it yet [09:30] jb: u gonna see it [09:30] jb: av sent it [09:30] zam0lx1s: do u use Ms Outlook? [09:31] jb: nope [09:31] jb: am very new to the internet stuffs [09:31] zam0lx1s: how come? what do you do? [09:32] jb: am a construction wngineer [09:32] jb: done have time for the internet stuffs most times [09:32] zam0lx1s: really? i'm in a similar field... [09:33] jb: oh [09:33] jb: thats cool [09:33] can't w8 NEmore [09:33] zam0lx1s: we'll talk soon, k? [09:34] jb: and me too [09:34] jb: i can always come over baby if u want me to [09:34] jb: what do u specialize in baby [09:35] jb: is it [censored]?? [09:35] zam0lx1s: no, [censored] [09:35] jb: ok [09:36] jb: can we talk via emaileverytime???baby [09:37] jb: actually,i just got this building contract from sheraton hotel and towers [09:37] jb: thats what making me very busy at the moment [09:37] zam0lx1s: i thought you logged off [09:37] zam0lx1s: you disappeared for a se [09:37] zam0lx1s: second [09:38] zam0lx1s: look, we'll talk soon, but now I gotta go [09:38] jb: yeah..............its the network,baby [09:38] jb: can u send me email?? [09:38] jb: cos i might not be online [09:38] zam0lx1s: sure i can send you email [09:38] zam0lx1s: but i need to see a better photo first, still did not receive yours [09:38] jb: [censored] [09:38] jb: ok [09:39] zam0lx1s: oh, got it [09:39] *** "jb" signed off at Mon Jan 21 09:39:06 2008. [09:39] *** "jb" signed on at Mon Jan 21 09:39:15 2008. [09:39] zam0lx1s: who's robin beth [09:40] zam0lx1s: hello? [09:40] jb: i already send send some pics [09:40] jb: thats my cousins ?? [09:40] jb: we so close [09:40] zam0lx1s: what's ? [09:41] jb: dont know baby [09:42] jb: someone did use my pics there [09:42] zam0lx1s: why would u send it to me though? [09:42] zam0lx1s: r u some kind of spammer? [09:42] jb: u mean my pics? [09:42] jb: hey [09:42] jb: please [09:43] zam0lx1s: one of the photos you sent has "" on it [09:43] jb: yeah [09:43] jb: somebody used my pics for internet modelling [09:43] zam0lx1s: alright, we'll talk later [09:44] zam0lx1s: gotta go [09:44] zam0lx1s: bye [09:44] jb: ok [09:44] jb: ttyl Session Close (jb): Mon Jan 21 09:44:29 2008 Session Start (zam0lx1s:jb): Tue Jan 22 06:11:41 2008 [06:11] jb: u doing??????????? [06:11] *** Auto-response sent to jb: wrkn ttyl [06:11] *** "jb" signed off at Tue Jan 22 06:11:49 2008. [06:12] *** "jb" signed on at Tue Jan 22 06:12:40 2008. [06:26] *** "jb" signed off at Tue Jan 22 06:26:12 2008. [06:29] *** "jb" signed on at Tue Jan 22 06:29:51 2008. [06:30] jb: hey [06:31] *** "jb" signed off at Tue Jan 22 06:31:01 2008. [06:31] *** "jb" signed on at Tue Jan 22 06:31:45 2008. [08:00] zam0lx1s: hello [08:00] jb: am [08:00] zam0lx1s: that's good 2 hear [08:00] zam0lx1s: at work? [08:02] jb: ok [08:02] zam0lx1s: r u at work? [08:02] jb: yeah [08:03] zam0lx1s: can u talk? [08:03] jb: am here [08:03] jb: am very busy at the moment [08:03] jb: still trying to get the contract done [08:03] zam0lx1s: will u b less busy later on? [08:04] zam0lx1s: i'd like 2 talk 2 u 4 a few minutes [08:05] jb: am here [08:05] jb: ok [08:05] jb: am listening [08:05] zam0lx1s: alright [08:05] zam0lx1s: i'm curious about your pics [08:05] zam0lx1s: i understand someone used them on a website [08:05] zam0lx1s: but why would you send me a "used" photo? [08:05] zam0lx1s: don't you have the original? [08:06] jb: someone did use the.................i told u [08:06] jb: those are my recent pics [08:06] jb: i dont have ny one at the moment [08:06] zam0lx1s: so you modeled for the website, it's not like they used them without permission, correct? [08:08] jb: yeah.....i did model for them sometimes and they used someones name instead of mine [08:08] jb: i did sue them to the court [08:09] zam0lx1s: you have 2 admit this is very odd, almost unbelievable :) [08:09] jb: ok [08:09] jb: i gotta go [08:09] jb: by [08:09] jb: talk to u later,it seems u dont believe me [08:10] zam0lx1s: hey, hold on [08:10] zam0lx1s: we're only talking [08:10] jb: what???????? [08:10] zam0lx1s: there's no need to get jumpy [08:10] zam0lx1s: i'm only trying to understand what's going on [08:10] jb: please..............i need to get money for the new contract that has just been awarde to me [08:10] jb: so i have to get things staarted [08:10] jb: bye [08:10] zam0lx1s: so let's talk when you have some time :) [08:10] zam0lx1s: bye [08:11] *** "jb" signed off at Tue Jan 22 08:11:29 2008. Session Close (jb): Tue Jan 22 08:11:52 2008
Am pierdut poate mai multe minute decat ar fi meritat, chiar daca lucram la ceva in paralel. Mi s-au parut intotdeauna interesante conversatiile cu spammerii. Modul de a vorbi este inconfundabil african: "i have to take my leave", "internet stuffs", "yah profile", etc. Pozele pe care mi le-a trimis sunt intr-un email care a mai fost forwarded la vreo 10 adrese de email, "ea" nestergand adresele respective. Mai mult decat atat, daca citesti cu atentie mai sus, gasesti o gramada de greseli de exprimare subtile, sugerand ca "ea" nici vorba sa fie cine spune ca este (are un nume anglo-saxon, latina looks). Iata mai jos pozele trimise (am pus un domeniu de-al meu pe toate,, ca sa nu-i mai vina cuiva ideea de a le folosi in acelasi scop): Mesajul email contine adresa IP de unde emailul a fost preluat de Yahoo (adresele de email usor modificate):
Authentication-Results:; spf=pass ( domain of designates as permitted sender); domainkeys=pass (test mode) X-Originating-IP: [] Authentication-Results:; domainkeys=pass (ok) Received: from (HELO ( by with SMTP; Mon, 21 Jan 2008 06:40:39 -0800 Received: (qmail 89847 invoked by uid 60001); 21 Jan 2008 14:30:38 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024;; h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=2+Lminxgj1HO9VdRAArdHFe6W71qRGBbuDMEZMSObYsW1lHmxojGzSxpj/dk0xYWIBC58IvLVj5iFicOdGsb3tRRJ0p2bQ/eja4TrBG/Mo/4M0b+spkX7eRPjwy3K6RLr4bxC6sBBZbw6DdK2tpkZtd9HjLGbDF+reEDTmwjAsc=; X-YMail-OSG: ZTTc81wVM1nsEzcw_EGyRym9kNtV6LY3yo1QElT6 Received: from [] by via HTTP; Mon, 21 Jan 2008 06:30:37 PST Date: Mon, 21 Jan 2008 06:30:37 -0800 (PST) From: robin beth Subject: my pics
reverse DNS on IP number:
Location: Nigeria (high) [City: ] Preparation: The reverse DNS entry for an IP is found by reversing the IP, adding it to "", and looking up the PTR record. So, the reverse DNS entry for is found by looking up the PTR record for All DNS requests start by asking the root servers, and they let us know what to do next. See How Reverse DNS Lookups Work for more information. How I am searching: Asking for PTR record: says to go to (zone: Asking for PTR record: [] says to go to (zone: Asking for PTR record: Reports [from] Answer: PTR record: [TTL 3600s] [A=None] *ERROR* There is no A record for (may be negatively cached). To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.
whois query on domain (from above):
domain: created: 10-Sep-2004 last-changed: 10-Sep-2007 registration-expiration: 09-Sep-2008 nserver: nserver: status: CLIENT-TRANSFER-PROHIBITED registrant-firstname: Christopher registrant-lastname: Yaw registrant-organization: Netcom Africa registrant-street1: 9898 Brewers Court registrant-pcode: 20723 registrant-state: MD registrant-city: Laurel registrant-ccode: US registrant-phone: +1.2405539400 registrant-email: admin-c-firstname: Christopher admin-c-lastname: Yaw admin-c-organization: Netcom Africa admin-c-street1: 9898 Brewers Court admin-c-pcode: 20723 admin-c-state: MD admin-c-city: Laurel admin-c-ccode: US admin-c-phone: +1.2405539400 admin-c-email: tech-c-firstname: Christopher tech-c-lastname: Yaw tech-c-organization: Netcom Africa tech-c-street1: 9898 Brewers Court tech-c-pcode: 20723 tech-c-state: MD tech-c-city: Laurel tech-c-ccode: US tech-c-phone: +1.2405539400 tech-c-email: bill-c-firstname: Christopher bill-c-lastname: Yaw bill-c-organization: Netcom Africa bill-c-street1: 9898 Brewers Court bill-c-pcode: 20723 bill-c-state: MD bill-c-city: Laurel bill-c-ccode: US bill-c-phone: +1.2405539400 bill-c-email:
Concluzia mea este ca si fara sa fi pierdut atata timp de vorba cu "do'n'soara", provenienta emailului (Nigeria) sugereaza puternic ideea de frauda. Dupa primul oil shock, cand preturile au scazut, Nigeria a trecut printr-o recesie brusca, si mai multi studenti s-au trezit fara bani. Au inceput apoi sa traga americani in piept, ceea ce nu e foarte dificil de altfel. De atunci, aceasta a devenit o industrie. Provenienta unui email din Nigeria nu este suficienta pentru a-l incrimina, tot astfel cum nu toti arabii care vin din Arabia Saudita si poarta explosive sub turban sunt teroristi :) . Dar pentru mine e de-ajuns. Ce sugereaza aceasta conversatie? Scriam pe un alt site ca spammerii se cam lasa pagubasi, si ca nu prea mai renteaza sa faci spam. Filtrele Google sunt excelente, iar Yahoo spam filters ca si Hotmail au inceput sa se apropie. Dar daca un spammer a ajuns sa contacteze individual, situatia lor e cat se poate de proasta... ceea ce e bine; poate incep si ei sa se ocupe mai mult de economia proprie, care e-n buda. As fi fost curios sa vad ce fel de schema ar fi incercat cu mine, dar poate ca speranta nu e inca pierduta. 'om trai si 'om vedea... UPDATE: Se continua cu partea a II-a si partea a III-a.


Yahoooooo! Fraud 101: Spam, spim, chain mail and other time-wasters - consumedconsumer

Thank you for reading (mulţam fain pentru cetire)! Publicat Tuesday, January 22, 2008 . Similar articles under the following categories (poţi găsi articole similare sub următoarele categorii): (Subscribe), (Subscribe), (Subscribe), (Subscribe) . Dacă ţi-a plăcut articolul, PinIt-uieste-l, ReddIt-eaza-l, stumble-uieste-l altora, trimite-l pe WhatsApp yMess şi consideră abonarea la fluxul RSS sau prin email. Ma poti de asemenea gasi pe Google. Trackback poateputea fi trimis prin URL-ul de sub Comentarii.
Aici vei găsi ştiri inedite, articole hazoase, perspective originale in politică, societate, economie şi relaţii interumane. QUESTIONS (Intrebări)? We got Answers (Răspunsuri există)!  
blog comments powered by Disqus