SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 ToSing a S. Korean-hosted site (ONSE Telecom is host)

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
ADX
Hello I'm New here!


Joined: 27 Jun 2011
Posts: 3


PostPosted: Fri Jul 08, 2011 5:57 pm Reply with quoteBack to top

I recently received a 419 E-Mail from a compromised SFASU.edu E-mail account which instructs the recipient to E-Mail an @hosanna.net account.

Hosanna.net appears to be hosted by a large South Korean ISP, ONSE Telecom (www.onsetel.co.kr) and was wondering if anyone here spoke Korean or had means of shutting down Korean hosting. I'll be sending an E-Mail to their abuse department, but being in English, I'm not sure that it will get the attention it warrants.

Apparently ONSE is a large ISP in Korea, so the offshore factor shouldn't be a safeguard for the lads, just the language barrier.



As far as the originating E-Mail, I've already been on the phone with Stephen F. Austin State University (the university of the originating E-Mail) all day trying to get in touch with IT Security specifically, but their communication is horrible. No one knows who to speak to about suspending an account, though I do have calls in to a few direct lines of people who should be able to help.

Spoke with a Sergeant with the SFA Police Department (whom I had to explain what a 419 letter was amongst a lot of other things... He wasn't very computer literate) who passed the information on to their detectives as well as the PD's internal IT department (apparently the PD and University both have separate IT departments), but the Sergeant had no clue who to get in touch with to get the originating account termed (trying to get it shut down just in case the lad is still blasting via the compromised account).

Additionally; SFA's E-Mail is set up so that their E-Mail headers only display the University's IPs, not that of the sender.


So, if anyone has any proficiency in Korean, or knows of anyone with success in shutting down Korean-based hosting, please feel free to contact me or take action


Original Headers:

Original Headers:



Original E-Mail:

Quote:

Subject:
Note

Body:
Are you interested in Charity work? Please contact me for more details. Contact Email: [email protected]
View user's profileSend private message
Caligula
small sausage


Joined: 13 May 2009
Posts: 4774
Location: Growing old


PostPosted: Fri Jul 08, 2011 7:04 pm Reply with quoteBack to top

You called for a sitekiller? Very Happy

If I recall correctly hosanna.net just provides email addresses to whoever wants them - comparable to hotmail.com or gmail. So hosanna.net isn't a domain which will be taken offline because a scammer uses it to scam people. I also don't suggest reporting just the email address to hosanna, as we don't close individual addresses for various reasons listed in the stickeys.

As for the .edu address, I'm impressed by all the effort you went through! Very Happy Many of those accounts get phished and used to spam their opening scripts and we often come accross those. I think you did brilliant work, and it's up to the IT departments to do their jobs now.

Welcome to eater!

_________________
United KingdomUnited StatesMalaysiaNetherlandsNigeriaIvory CoastBeninFranceChinaTogoSwitzerlandCanadacameroonFlag MonacoSouth AfricaRussiaUnited Nations x 600+ (gave up counting long time ago)
Mugu Reseller x3
Cellphone Closed lad accounts Mortar Nurse Nastys Audi TT Goat Easter Egg Purple Flower Mc Fry
Going Gold?
Post scripts at scamwarners!
Kill a fake site today!
View user's profileSend private messageSkype Name
Morgain Le Fay
Pistol-packin' Mama


Joined: 14 Oct 2010
Posts: 5800
Location: Taking my new .38 special to the range


PostPosted: Sun Jul 10, 2011 8:02 pm Reply with quoteBack to top

The Help Desks at the .edu's are very good about fixing things and giving their student or faculty a new email account when it gets phished like that. It has been my experience their IT departments handle them within 24 hours. I usually send a form script I have to their IT/Help Desk with pertinent information and a link to what a 419 scam is and find the universities or school districts are most appreciative.

One university help desk person wrote me back to learn more and I directed him to Eater.

_________________
Closed lad accounts X42 Easter Egg 2011 United Kingdom Mc Fry
Safari Nash and 6 friends 488 Km within Ghana - bait with Agda (2012)
Safari Safari Philip Ghana-Benin (bait w/Agda) 2013
Mortar x5
TV Star
.edu's 260 reported
Click here to support 419Eater.com
US Dropbox

"You people are all Junks" - Miss E. Kabx

"Maybe you are insane as your so called sat..." Barrister Insane

The website below is available for Eater folks to use.
Film & Production Needs
View user's profileSend private messageSkype Name
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT