• Fake email pretending to be from Windows Secrets, but really from hostgator

    #485388

    11:38a Pacific I got mail purporting to be from Windows Secrets, but in reality the headers looked a bit different:

    Subject: Can you really make money with surveys?
    X-PHP-Script: ”email obscured purposely” for 178.86.6.97
    From: Windows Secrets
    Reply-To:”email obscured purposely”
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 8bit
    Message-Id:
    Date: Mon, 17 Sep 2012 13:38:21 -0500
    X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
    X-AntiAbuse: Primary Hostname – gator742.hostgator.com
    X-AntiAbuse: Original Domain – gmail.com
    X-AntiAbuse: Originator/Caller UID/GID – [995 32003] / [47 12]
    X-AntiAbuse: Sender Address Domain – gator742.hostgator.com
    X-BWhitelist: no
    X-Source: /usr/bin/php
    X-Source-Args: /usr/bin/php /home/tgt038/public_html/mlynchlandscapes.co.uk/wp-content/plugins/akismet/legacy.php
    X-Source-Dir: sevenoaksbuilder.com:/public_html/mlynchlandscapes.co.uk/wp-content/plugins/akismet
    X-Source-Sender:
    X-Source-Auth: tgt038
    X-Email-Count: 62
    X-Source-Cap: dGd0MDM4O3RndDAzODtnYXRvcjc0Mi5ob3N0Z2F0b3IuY29t
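
Added example, not part of the original post: Python that reads the headers quoted above and pulls out the host, hosting account and PHP script named in the X-AntiAbuse and X-Source lines, next to the free-text From name. The function names and the brand domain passed to `triage` (`windowssecrets.com`) are assumptions.

```python
import re
from email import message_from_string

# Headers copied from the first post above; fields the poster obscured are omitted.
SAMPLE = """\
Subject: Can you really make money with surveys?
From: Windows Secrets
Date: Mon, 17 Sep 2012 13:38:21 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname – gator742.hostgator.com
X-AntiAbuse: Original Domain – gmail.com
X-AntiAbuse: Originator/Caller UID/GID – [995 32003] / [47 12]
X-AntiAbuse: Sender Address Domain – gator742.hostgator.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/tgt038/public_html/mlynchlandscapes.co.uk/wp-content/plugins/akismet/legacy.php
X-Source-Auth: tgt038

(body omitted)
"""

# "Key - value"; accepts the en dash shown in the post as well as a plain hyphen.
FIELD = re.compile(r"^(?P<key>[^-–]+?)\s+[-–]\s+(?P<val>.+)$")

def abuse_fields(msg):
    """Collect the keyed X-AntiAbuse lines into a dict; the banner line has no key."""
    fields = {}
    for value in msg.get_all("X-AntiAbuse", []):
        m = FIELD.match(value.strip())
        if m:
            fields[m["key"].strip()] = m["val"].strip()
    return fields

def triage(raw, brand_domain):
    """Summarise what the headers say about the real sender, for an abuse report."""
    msg = message_from_string(raw)
    host = abuse_fields(msg).get("Primary Hostname", "").lower()
    args = (msg.get("X-Source-Args") or "").split()
    script = args[-1] if args else ""
    brand = brand_domain.lower()
    return {
        "claimed_sender": msg.get("From", ""),       # free text, set by the sender
        "sending_host": host,
        "host_is_brand": host == brand or host.endswith("." + brand),
        "script": script,
        "sent_by_web_script": "/public_html/" in script,
        "hosting_account": msg.get("X-Source-Auth", ""),
    }

if __name__ == "__main__":
    # "windowssecrets.com" is an assumed value for the brand's own mail domain.
    for key, value in triage(SAMPLE, "windowssecrets.com").items():
        print(f"{key}: {value}")
```
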

    • #1349294

      Mine looks like this:

      Subject: Can You Make Money With Surveys?
      X-PHP-Script: ”email obscured purposely” for 178.86.6.97
      From: Windows Secrets
      Reply-To: ”email obscured purposely”
      MIME-Version: 1.0
      Content-Type: text/plain; charset=utf-8
      Content-Transfer-Encoding: 8bit
      Message-Id:
      Date: Mon, 17 Sep 2012 14:21:55 -0400
      X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
      X-AntiAbuse: Primary Hostname – sin2.hostdime.in
      X-AntiAbuse: Original Domain – arrowsmithfamily.com
      X-AntiAbuse: Originator/Caller UID/GID – [615 32003] / [47 12]
      X-AntiAbuse: Sender Address Domain – sin2.hostdime.in
      X-Source: /usr/bin/php
      X-Source-Args: /usr/bin/php /home/jobcaree/public_html/innovationluggage.org/wp-content/plugins/akismet/legacy.php
      X-Source-Dir: jobcareerguru.com:/public_html/innovationluggage.org/wp-content/plugins/akismet
      X-Nonspam: None

    • #1349296

      Thanks for letting us know.

    • #1349300

      This is the same Rui.

    • #1349303

      These are fake emails spoofing to be Windows Secrets. THEY ARE NOT from WS. Please either delete these or add a post here. This may allow our administrators to track down these individuals responsible for this phishing attack.

      • #1349307

        Kinda aimed at the wrong audience, n’est-ce pas? I would think most subscribers to Windows Secrets would know this was a scam. ………….
        Delivered-To: xxxxx
        Received: by 10.64.8.49 with SMTP id o17csp1476iea;
        Mon, 17 Sep 2012 11:43:58 -0700 (PDT)
        Received: by 10.68.234.65 with SMTP id uc1mr23792180pbc.89.1347907435870;
        Mon, 17 Sep 2012 11:43:55 -0700 (PDT)
        Return-Path:
        Received: from server3.jehzeel.com (server3.jehzeel.com. [69.175.66.2])
        by mx.google.com with ESMTPS id px6si16670393pbc.34.2012.09.17.11.43.55
        (version=TLSv1/SSLv3 cipher=OTHER);
        Mon, 17 Sep 2012 11:43:55 -0700 (PDT)
        Received-SPF: pass (google.com: best guess record for domain of ”email obscured purposely” designates 69.175.66.2 as permitted sender) client-ip=69.175.66.2;
        Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of ”email obscured purposely” designates 69.175.66.2 as permitted sender) smtp.mail=ylje@server3.jehzeel.com
        Received: from ylje by server3.jehzeel.com with local (Exim 4.77)
        (envelope-from )
        id 1TDgIT-004M90-Kp
        for ”email obscured purposely”; Mon, 17 Sep 2012 13:43:53 -0500
        To: xxxxx
        Subject: $50 for your first survey!
        From: Windows Secrets
        Reply-To: ”email obscured purposely”
        MIME-Version: 1.0
        Content-Type: text/plain; charset=utf-8
        Content-Transfer-Encoding: 8bit
        Message-Id:
        Date: Mon, 17 Sep 2012 13:43:53 -0500
        X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
        X-AntiAbuse: Primary Hostname – server3.jehzeel.com
        X-AntiAbuse: Original Domain – gmail.com
        X-AntiAbuse: Originator/Caller UID/GID – [778 775] / [47 12]
        X-AntiAbuse: Sender Address Domain – server3.jehzeel.com

        Hi,

        When you join GetCashForSurveys today, you will receive $50 free when you take your first paid survey!

        We are not going to offer this special offer for much longer, so take advantage of this
        opportunity while you can!

        Click Here To Get Started Now! ”email obscured purposely”
        It may sound hard to believe, but it’s true. There are thousands of companies out there who are willing to pay for your opinions regarding their products. This is an
        important part of product research, and they rely on people just like you for
        your honest opinion!

        One man has single-handedly put together the largest database of companies that hire people just like you, to give their opinions on products.

        Imagine getting paid for doing things like:

        – Trying out new menu items from popular restaurants
        – Take short surveys about new cars that are coming out soon
        – Give your opinion about new clothing and shoe designs

        Click Here To Get Started Now! ”email obscured purposely”

        When you join, you’ll have access to all of these companies hand selected by me, Gary Mitchell.

        Taking a few paid surveys in your spare time can really make a difference in your income.

        Try it out, and remember, you get $50 for your first paid survey!

        Click Here To Get Started Now! ”email obscured purposely”

        Regards,
        Gary Mitchell

    • #1349310

      There is no need to keep posting more email contents. It’s obvious they are not from WindowsSecrets. Do not download anything or visit any links from such emails.

      • #1349410

        There is no need to keep posting more email contents. It’s obvious they are not from WindowsSecrets. Do not download anything or visit any links from such emails.

        So what is the policy anyway???
        You (an Admin) say not to bother posting any more of these email contents, yet a couple of posts earlier, Super Mod medico says “add a post here to allow our admins to track down those responsible, etc., etc.”
        I came back here to notify WS of the obvious spam by this Gary Mitchell guy who now wants you to make $20 in 8 minutes online? (Sure thing, Gary.)
        Now using an address of ”email obscured purposely”.
        Are you now doing nothing to get rid of obvious spammers?

        [Posted by a former VIP member.]

    • #1349398

      I don’t know how widespread this is, but someone who really is from Windows Secrets might want to include something in the next newsletter warning about such phishing to Windows Secrets members. I suppose it’s possible they’re sending them to a larger list and they are just more likely to be accepted by subscribers. Although, given what I would guess to be a greater amount of computer savvy among subscribers, perhaps that wouldn’t be the case.

      -Eric

    • #1349412

      Windows Secrets is aware of the issue, as reported on the home page, and is looking into it:

      Important Notice: You might have recently received spam e-mail that appears to have come from Windows Secrets. We can assure you, it did not come from us. We are investigating the issue. Our sincere apologies.
      – The Windows Secrets staff

      As I said, there is absolutely no point in posting endless copies of similar emails here, with obviously fake email addresses and from fictional characters. They will add nothing to the investigation that is going on.

      This is the Windows Secrets Lounge. Most members of the moderation team have no relation to Windows Secrets or iNet Interactive. As such, we did what we could do – reported the situation. All we can say is that it was reported and the reply from Windows Secrets is the one I posted before.

      From our point of view, that is from the Lounge point of view, which is where I am an Admin, that’s all we can do. I am sure Windows Secrets will provide more information as soon as it is available.

    • #1349417

      I agree that we have received more than enough of these fake emails. Initially it seemed an isolated case, but it suddenly blossomed into a full-fledged attack. I have personally reported this to the iNet administrator. He is working on the phishing problem. It appears this just started today. This morning when I first signed on, I read the first report of this problem, and this was presented in the Contact Us section by a non-member. I started the reporting process at that time. I also do not have the expertise or access to the Lounge S/W to personally track this, so I report it to the appropriate person to do so.

      I can also personally state that we are taking spammers seriously. There have been many filters put in place to stop spammers. In addition we have manually banned many spammers trying to ply their garbage in the Lounge. We have been very proactive in ridding the Lounge of these individuals. I personally check every new member I see, and check every member signed on when I sign on.

      • #1349502

        I think it would be interesting to know if any of the email addresses receiving this spam are NOT on the Windows Secrets mailing list. I guess I’d be surprised if Windows Secrets was high profile enough that spammers would send this out to random emails assuming people would recognize the sender.

    • #1349510

      As I stated, we did receive a comment in the Contact Us section from a non-member (not registered at Windows Secrets) stating he had received this email.

      Unfortunately hackers and spammers are constantly attempting to exploit forums such as ours to their advantage. Our administration is working diligently to stop these phishing attempts and prevent the same in the future.

    • #1349582

      This phishing/spamming problem’s solution has been found. Please read the official announcement here.
