

 Scammers target universities

mindgames
Not quite a Newb


Joined: 20 Jun 2007
Posts: 54
Location: United States


Posted: Thu Mar 27, 2008 1:12 am

The scammers have decided to steal credibility from universities. They are now targeting universities with phishing e-mails, some really well-done targeted attacks (with the usual grammar) I might add, to steal e-mail passwords. The compromised e-mail accounts are then used entirely for 419 scams, as the IT staff told me. An example of such an attack, which is very well-timed and in synch with our e-mail server upgrade, is here.

What this amounts to for us is a bunch of scammers using legitimate .edu addresses for scams. If you find any, they will not belong to the actual student, and you have 2 options. If you're like me, and you find this similarly repulsive, you can turn really demented and give the scammer a ride for his life in some mega-bait of sorts. Otherwise, please report the address(es) to the university's respective IT department immediately so the victims' passwords can be reset. If you decide to play games with the lad, make sure you at least report the address when finished, instead of the usual rinse/re-use. The mass-mailings will leave the schools facing consequences. My school, for example, is firewalled by half of cyberspace in an anti-spam effort by the ISPs. I don't know about other schools, but I'm sure the consequences will be similar. Out of the 100,000 e-mail accounts within their domain, they are still searching for the compromised accounts, and could use any help they get in tracking them down.
sheboppe
The Sparkly Member


Joined: 10 Dec 2004
Posts: 5002
Location: United States


Posted: Thu Mar 27, 2008 3:04 am

This isn't new. It has been going on for some time.

A variation of this scam is the financial aid scam. There
are different versions of it, but phishing for personal info
is the scammer's goal.

mindgames
Not quite a Newb


Joined: 20 Jun 2007
Posts: 54
Location: United States


Posted: Thu Mar 27, 2008 3:47 am

Well, they weren't very abundant at this school until recently, and they are clearly doing a lot of research before phishing, which I didn't think most scammers understood, much less knew how to do. Apparently it is working well since they got the school blacklisted by a bunch of internet/e-mail providers. I thought I should have people here look out for them; I've never seen an actual 419 letter from a school address before, only forged headers with an @yahoo.com reply-to field.

Anyhow, should we bait any of them? If so, what is the usual way to toy with these ones given only the phishing address? I'm feeling a little vengeful, despite not being fooled by any of them. Last one I got e-mail from I pitched a fit to about "poor IT service". I'd love to drag one of these guys through some nice, soft, fertilized mud...
sheboppe
The Sparkly Member


Joined: 10 Dec 2004
Posts: 5002
Location: United States


Posted: Thu Mar 27, 2008 3:58 am

Some schools haven't been targeted but it's just a matter of time.

Many scammers are clever enough to do research. They aren't all from one part of the world, and they don't all have poor English and comprehension skills. There are many scammers that hold white collar jobs. Scammers in this classification are growing at an alarming rate.

On this site we bait 419 scammers, not phishing scammers. You are welcome to bait phishing lads on your own if you like.

Eddie Valient, PI
Not quite a Newb


Joined: 11 Dec 2006
Posts: 27
Location: Toontown


Posted: Thu Mar 27, 2008 7:59 am

I received 4 emails from O$U IP addys in the last couple of days. I was actually prepared to post a question about this here when I saw this topic. I have now forwarded these on to their IP department for loving care and attention. For those keeping score at home, the scammers were:

[email protected] A [email protected] (lotto scam)
St3phen R0wland (check scam)
Mr [email protected] W0ng (Bank transfer scam)
[email protected] [email protected] (NoK scam)

I guess they are buying these addys from the phishermen; it stretches credulity beyond the breaking point to think this cluster is a random accident.

EDIT: I know that normally it is frowned on to kill email addys, but in this case, since 3 of the 4 were using redirects to other accounts and given the fact that there were ITP's involved, I felt it best to notify OSU IT.

_________________
I AM GIVING ASSURANCE AS SOON YOU FOLLOW MY INSTRUCTION YOU WILL RECEIVE YOUR FUNDS AND THE FUNDS WHICH YOU WILL BE RECEIVE IS 100% RICK FREE AND WILL NOT OCCURE ANY PROBLEMS - [email protected] B0sman (Lord knows I don't need any more Rick's in my life!)
mindgames
Not quite a Newb


Joined: 20 Jun 2007
Posts: 54
Location: United States


Posted: Thu Mar 27, 2008 12:21 pm

The IT department responsible for @osu.edu addresses is 8help(at)osu.edu. They are looking for compromised addresses, and there is more at stake than a yahoo account. These addresses are actual addresses, belonging to college students and faculty/staff with names the scammers are claiming to be (notice the last name). The address won't "die", but its password will get reset to lock out the scammer and return control to the student, along with a lecture on phishing. As for the reply-to guys, I'd like to join you in making their lives miserable. I am rather appalled at them and am feeling really demented and vengeful. These circumstances are why I asked people to report them. Don't kill the Yahoo ones.
sheboppe
The Sparkly Member


Joined: 10 Dec 2004
Posts: 5002
Location: United States


Posted: Thu Mar 27, 2008 1:01 pm

^^^ I am not clear on what you are asking us to do.

-Emails at your university were phished by scammers.
-Some schools are getting blacklisted due to theft of email accounts
-Students and faculty report that their account has been hijacked
-School changed PW and returns account to owner

The school can also change the email addy. It is up to the
IT dept. and college officials to get their school removed
from blacklists.

We detest phishing scammers also, but again, we don't bait them.

mindgames
Not quite a Newb


Joined: 20 Jun 2007
Posts: 54
Location: United States


Posted: Thu Mar 27, 2008 2:34 pm

I'm asking that we keep a lookout for *.edu addresses (not just OSU) that are being used for 419 scams. Most affected students don't know their account is hijacked, and it's not always a simple matter of looking for port-25 spikes on their network to root these out. They are doing all they can, of course, but it would be appreciated if when you find a *.edu address that you report it. Then ride the scammer in the reply-to field harder than the usual lottery scammer.

There is nothing we can do from here about phishing itself and it is indeed the school's responsibility to deal with the DNSBL. However, if we see some e-mails that appear to be coming from college students, I think (if it's not a problem) we should treat them a little differently from most addresses that we just rinse/reuse. I ask this because, as I was told, all of the compromised accounts are being used for 419 scams, so I figured some people here may be finding a few, which would be a great help to the IT departments.

By the way, changing addresses here is not a simple matter, and I'm not sure if it's even possible, but they can suspend compromised accounts and change passwords.

As for my baiting tendencies, I'm curious if anyone would like to share the @yahoo.com addresses so I can introduce them to some torment, and otherwise have some baiters (who are interested) give them more pain than normal as a punishment of sorts. Wanting very badly to toy with the bad guys, I was slightly looking for a way to bait them from the phishing addresses, since they may be the same guys, but that doesn't seem to work all that well.

So, everything summed up, look out for a few *.edu addresses being used by scammers in your baiting. If you find one, let the proper IT department know instead of simply baiting them. Then, carry on baiting at the reply-to address a little harsher than before.
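
The pattern discussed in this thread (a real *.edu account sending mail whose Reply-To points at a free-mail address) can be checked mechanically when triaging a mailbox, so the school account can be reported to its IT department. This is an added example, not part of the original posts; the sample messages, addresses and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Free-mail providers named in the thread; extend for your own triage.
FREEMAIL = {"yahoo.com", "gmail.com", "hotmail.com"}

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Constructed Student <student1@cs.example.edu>\n"
    "Reply-To: constructed-sample-1@yahoo.com\n"
    "Subject: YOUR WINNING NOTIFICATION\n\nbody\n",
    "From: Constructed Staff <staff2@example.edu>\n"
    "Subject: Seminar room change\n\nbody\n",
    "From: constructed-sample-3@yahoo.com\n"
    "Reply-To: constructed-sample-3@yahoo.com\n"
    "Subject: URGENT TRANSFER\n\nbody\n",
]

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_message(raw):
    """Return a finding if a .edu sender redirects replies to free-mail, else None."""
    msg = message_from_string(raw)
    senders = [a for _, a in getaddresses(msg.get_all("From", []))]
    replies = [a for _, a in getaddresses(msg.get_all("Reply-To", []))]
    for sender in senders:
        sdom = domain(sender)
        if not sdom.endswith(".edu"):
            continue  # only school accounts are of interest here
        for reply in replies:
            rdom = domain(reply)
            if rdom in FREEMAIL and rdom != sdom:
                return {"account": sender, "school_domain": sdom, "reply_to": reply}
    return None

def triage(raw_messages):
    """Collect findings for every message that matches the pattern."""
    return [f for f in map(check_message, raw_messages) if f is not None]

if __name__ == "__main__":
    for finding in triage(SAMPLES):
        print(finding)
```

A match only shows that the headers fit the pattern; the From line can be forged, so the school's IT staff still have to confirm the account against their own mail logs.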
Eddie Valient, PI
Not quite a Newb


Joined: 11 Dec 2006
Posts: 27
Location: Toontown


Posted: Thu Mar 27, 2008 3:45 pm

They are also accepting reports of phished accounts at [email protected].

mindgames
Not quite a Newb


Joined: 20 Jun 2007
Posts: 54
Location: United States


Posted: Thu Mar 27, 2008 4:58 pm

Without giving too many details which might identify me, the 8help people told me they were interested in compromised accounts. I think there is also an [email protected] address, and who knows, maybe [email protected] is interested (they have their own police department), but I really doubt it. Any of these other addresses you send it to should reach the appropriate admins. [email protected] will create a ticket with the helpdesk, [email protected] is self-explanatory, and I hadn't heard of security, but I know they have a special department that deals with IT security/policy. There might be others, but I don't recall them off the top of my head. There is no [email protected] address, which they spoofed some time last year, but not very often.

Could you send me some of the Yahoo reply-to addresses? I take it personally when they breach security in this school's IT department (personal reasons) and plan to ride them unbearably hard. I found one so far, and I'm now working on getting him off-hook. I'll be happy to do joint-baits or mass-baits if it suits you, just as long as I can make sure they suffer a swirling torrent of pain and the owners get their addresses back.

Treat *.edu addresses like bank accounts, only forward them to the appropriate IT department instead of A:l:a:n. It will be greatly appreciated.

Now back to baiting them... If not a problem, could you please send me the (non-school) addresses or coordinate some team-bait thing so I can join in?
Eddie Valient, PI
Not quite a Newb


Joined: 11 Dec 2006
Posts: 27
Location: Toontown


Posted: Thu Mar 27, 2008 7:41 pm

I would, but as of now all four are dead. Three were gmail addys and one was hotmail. I don't know if the OSU people pulled the info from the headers and killed the addys, or natural attrition took place. I had an open bait going with [email protected] W0ng (it was just a few emails in, and he was still on script), so if he recontacts I will forward his addy to you for the appropriate fun and games. If you see a PM from me, he's back in contact. I don't think I can help with the others though.
