 mail.callem.com.sa and scotiamedia.com

leonsumbitches
Elite Baiter


Joined: 15 Oct 2010
Posts: 1046
Location: I'm out there, where every man wants to be


Posted: Tue Dec 07, 2010 5:03 am

Please add to DB. I would like to report this on behalf of all of Sven Tanstaafl.

URL: http://mail.callem.com.sa/scotiaonline/ca/start.jsplanguage=/
IP: Callem.com.sa resolves to 212.12.172.85 located in Saudi Arabia

Pretends to be Scotiabank's login page. The email was sent from a domain which obviously pretends to be Scotiabank's login. I'm posting on both at the same time, maybe a mod will want to split them up. I searched for both domains here and didn't get any hits.

Hotlinked image: [img]http://mail.callem.com.sa/scotiaonline/ca/start.jsplanguage=/sol-75-phlv2.png[/img]

The email it shows up in (bold indicates a possible fake domain for another report):

Quote:
Delivered-To:
Received: by 10.229.186.137 with SMTP id cs9cs123371qcb;
Mon, 6 Dec 2010 11:28:57 -0800 (PST)
Received: by 10.231.34.130 with SMTP id l2mr6304469ibd.181.1291663735793;
Mon, 06 Dec 2010 11:28:55 -0800 (PST)
Return-Path: <[email protected]>
Received: from mta21.charter.net (mta21.charter.net [216.33.127.81])
by mx.google.com with ESMTP id hj39si14832751ibb.76.2010.12.06.11.28.13;
Mon, 06 Dec 2010 11:28:55 -0800 (PST)
Received-SPF: neutral (google.com: 216.33.127.81 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=216.33.127.81;
Authentication-Results: mx.google.com; spf=neutral (google.com: 216.33.127.81 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from imp09 ([10.20.200.9]) by mta21.charter.net
(InterMail vM.7.09.02.04 201-2219-117-106-20090629) with ESMTP
id <[email protected]>;
Mon, 6 Dec 2010 14:28:13 -0500
Received: from User ([97.84.147.130])
by imp09 with smtp.charter.net
id fvTz1f00E2p25xt05vU3cx; Mon, 06 Dec 2010 14:28:12 -0500
X-Authority-Analysis: v=1.0 c=1 a=Dyoqhi_TatcA:10 a=6IE0RmV4oIkA:10
a=YteiUXKBuaUA:10 a=Cfj4BQAnxiAA:10 a=lbC3vhxWAAAA:8 a=lb2m5bMLvbbGLVY98KAA:9
a=yPcANCB_iL25XRJHtgsA:7 a=C_wf--BzreTJ48PtFHRfooOTIxUA:4 a=Ft8UYL4EG9YA:10
a=OpTPbuIaOIEo3rAK:21 a=TIImVrE_yl7jiyvD:21
Message-ID: <[email protected]>
Reply-To: [email protected]
From: ScotiaBank<[email protected]>
Subject: Error in your information on file
Date: Mon, 6 Dec 2010 12:28:11 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

During our regulary schedule account maintenance and verification we have detected a slight error in your information on file with us.
This usually happens for the following reasons:
- A recent change in your personal information (i.e. change of address)
- Submitting invalid information during the initial sign up process.
- An inability to accurately verify your selected option of payment due an internal error within our processors.
Please update your information by visiting Scotiabank at:
http://mail.callem.com.sa/scotiaonline/ca/start.jsplanguage=/
If your account information is not updated, your Scotiabankl account access will be limited.
____________________________________________
You are receiving this email notification because this email address is listed as the administrative contact email for your Scotiabank account.


The email seems to originate from Vancouver.

This site uses images hotlinked from the real scotiabank.com, yet is clearly not the real domain.

The domain that this mail comes from, scotiamedia.com, only gets 318 Google hits and contains only this boilerplate:

Quote:
ScotiaBankMedia.com

For more information, please contact Congo Communications at:

1-877-772-6646

or

[email protected]


© Congo Communications 2007 All Rights Reserved


This site resolves to 64.40.108.111 and is located in Vancouver. It seems to have been around for a long time and looks legit, but the site itself looks fishy to me. Maybe I'm just new at this.

This would be my first site kill if real, so I may need some guidance.

_________________
I DON'T. Buy the tomatoes with. The stems. On them. They don't. Degrade. They go. Down the sink. And into the WATER. Then. They get lodged in the throats of little. OTTERS.

GYV::Tanstaafl::Abiga::Game-theory::Church-Sites Easter Egg 2011
Closed lad accounts x 18 (10 from Tanstaafl baits) United Kingdom x 5 United States x 2 Ivory Coast Netherlands Malaysia Nigeria x 2 Spain
Safari SW Bait - Cl3tus Orof3 Accra->8auchi->Accra->Lagos, co-bait with Nowhere Man, Bravo, The Dane & psychicbait
insults and more
How to kill a Badger
Lachesis
** SUSPENDED **


Joined: 01 Nov 2010
Posts: 1162


Posted: Tue Dec 07, 2010 5:05 am

Don't think we handle phishing sites here.

Not sure about phishing email domains though.

_________________
Site killer, scam baiter, shit poster.

Baiting/sitekilling numbers:

United Kingdom x 56 Ghana x 6 South Africa x 2 x 2 United States x 5 Malaysia x 8 Spain x 8 Ireland x 2 Canada x 3 Malta Australia Ivory Coast Nigeria x 2 Benin x 2 Cambodia Flag Indonesia Burkina Faso

Closed lad accounts x 21 Easter Egg 2011

Photo trophies x 2, Forms filled x 11, Baited domains x 9, Writing pieces x 2

"Ok i want to be addressed like felon Musa Songo." - Musa Songo
"This your transaction is giving me heart failure" - EFCC
"YOU ARE A BIG FOOL AND AN IDIOT. DO NOT EVER CONTACT ME AGAIN. YOU ANIMAL." - Kojo Smith
"STOP FOULING YOURSELF JOHN." - Rodney Lloyd
leonsumbitches
Elite Baiter


Joined: 15 Oct 2010
Posts: 1046
Location: I'm out there, where every man wants to be


Posted: Tue Dec 07, 2010 5:12 am

I didn't think so either, but coupled with the email coming from scotiamedia.com, I thought they would be a package deal. The email clearly tries to sound like it is coming from a valid domain for Scotiabank; it just happens to send the reader, perhaps bolstered by the official-looking domain, to a phishing site.

DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


Posted: Tue Dec 07, 2010 5:30 am

leon, we don't do phishing emails here as the banks are better at handling those.

Forward the email with headers to: [email protected]

scotiamedia.com looks to be legit and is probably just being spoofed by the phishers. It looks like the sending IP is 97.84.147.130 which is Saginaw, MI USA

I'll mark this N/A. :D

_________________
United StatesCanadaUnited KingdomNigeriaGhanaBeninMalaysiaSouth AfricaSwitzerlandTogoChinaSpainMadagascar FlagBulgeriaUnited Arab EmiratesUkraineUnited NationsItalyLibya FlagCzech Republic
NetherlandsNew ZealandRussiaSaudi ArabiaAustraliaBahamas, TheIvory CoastDenmarkBelgiumHong KongFranceGermanyRomaniaBahamas, TheNew ZealandcameroonBurkina Faso x 2714
Easter Egg 2012 Cellphone Closed lad accounts Mortar pony pony Nurse Nastys Audi TT Nurse Nastys Audi TT Goat Tattoo Mc Fry Elite Ninja Team Member
Safari Vcamera Paga John Safari Vcamera Paga Willie Safari Vcamera Paga Kingsley Safari James

Safari The Dynamic Duo Travels! Vcamera Sand Timer
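
Added example, not part of the original thread: one way to read the sending IP out of the Received chain quoted in the first post, separating the hop the recipient's own MX recorded from the earlier hops that are only claimed. The headers are copied from the quoted email with the redacted IDs and the InterMail banner trimmed; the function names and the `trusted_by` parameter are assumptions made for this sketch.

```python
import ipaddress
import re
from email import message_from_string

# Received chain from the quoted email above (redacted IDs trimmed).
RAW_HEADERS = """\
Received: by 10.229.186.137 with SMTP id cs9cs123371qcb;
 Mon, 6 Dec 2010 11:28:57 -0800 (PST)
Received: from mta21.charter.net (mta21.charter.net [216.33.127.81])
 by mx.google.com with ESMTP id hj39si14832751ibb.76.2010.12.06.11.28.13;
 Mon, 06 Dec 2010 11:28:55 -0800 (PST)
Received: from imp09 ([10.20.200.9]) by mta21.charter.net
 with ESMTP; Mon, 6 Dec 2010 14:28:13 -0500
Received: from User ([97.84.147.130])
 by imp09 with smtp.charter.net
 id fvTz1f00E2p25xt05vU3cx; Mon, 06 Dec 2010 14:28:12 -0500
Subject: Error in your information on file

"""

FROM_IP = re.compile(r"\bfrom\b[^;]*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def received_hops(raw):
    """Return [(from_ip, by_host)] oldest hop first; either may be None."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its header, so the bottom one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        ip, by = FROM_IP.search(flat), BY_HOST.search(flat)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def injecting_ip(raw):
    """Earliest globally routable 'from' address (claimed, not verified)."""
    for ip, _by in received_hops(raw):
        if ip and ipaddress.ip_address(ip).is_global:
            return ip
    return None

def handoff_ip(raw, trusted_by="mx.google.com"):
    """IP recorded by the recipient's own MX: the only hop the recipient can vouch for."""
    for ip, by in received_hops(raw):
        if by == trusted_by:
            return ip
    return None

if __name__ == "__main__":
    print("claimed origin:", injecting_ip(RAW_HEADERS))
    print("seen by recipient MX:", handoff_ip(RAW_HEADERS))
```

Hops older than the one written by the recipient's MX were added by other servers or by the sender, so the earliest address is a lead for the abuse report rather than proof.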
leonsumbitches
Elite Baiter


Joined: 15 Oct 2010
Posts: 1046
Location: I'm out there, where every man wants to be


Posted: Tue Dec 07, 2010 6:08 am

^^^ Ah, thanks.

Sven, migraine and all, will have to wait til another day to claim a flag.

All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT