Another Hotmail Scam.
January 2, 2002 9:08 PM   Subscribe

Another Hotmail Scam. Dated November 28th, this scam masquerades as a response to a request for a password. The HTML is convincing - convincing enough to fool a friend or relative who doesn't know better. It fooled me for a half a second. [More...]
posted by tpoh.org (19 comments total)
 
I apologize for the self-post, but I just learned about this scam tonight when I was clearing out my Hotmail account. I couldn't find any news about it, and felt it was of significant importance. We've all got a friend or family member who is not keen on the many ways Hotmail users can be scammed.
posted by tpoh.org at 9:09 PM on January 2, 2002


Wow! Now that's clever! Not that I'm envious, but I think it's a rather brilliant scam in comparison to other ones around.

Oh yeah, warn people foremost.
posted by Mach3avelli at 9:15 PM on January 2, 2002


But why would you give your soul to the Evil One and actually use a hotmail account?
posted by fleener at 9:19 PM on January 2, 2002


It didn't fool me at all. I'm so cool.
posted by noisemartyr at 9:34 PM on January 2, 2002


It's a self link, but I'll let it stand since it doesn't appear to be available elsewhere.

Can you post the HTML source from the email? I'm curious to see where the form action points, that'd be your culprit that is collecting passwords.
posted by mathowie at 9:41 PM on January 2, 2002


It's an old, old account. I scan through it every three or four months in the off-chance that an long-lost acquaintance may try to reach me there.
posted by tpoh.org at 9:43 PM on January 2, 2002


I've posted the source up in the same directory, under the name "source.html" - and I'll probably remove it before the weekend (thus, no link).

The culprit is canberkb@yahoo.com, and it appears the form action is being sent to a server by the name of tahribat.com in Turkey:
Registrant:
 HolyOne Corp
 Soz Gumusse S|kut Altindir
 Istanbul,  n/a
 TR    

 Domain Name: TAHRIBAT.COM
 
 Administrative Contact:
    One, Holy  holyonerulez@yahoo.com
    Soz Gumusse S|kut Altindir
    Istanbul,  n/a
    TR    
    +905320000000

 Technical Contact:
    One, Holy  holyonerulez@yahoo.com
    Soz Gumusse S|kut Altindir
    Istanbul,  n/a
    TR    
    +905320000000

 Billing Contact:
    One, Holy  holyonerulez@yahoo.com
    Soz Gumusse S|kut Altindir
    Istanbul,  n/a
    TR    
    +905320000000


 Record last updated on 04-Dec-2001.
 Record expires on 07-Feb-2003.
 Record Created on 07-Feb-2001.

 Domain servers in listed order:
    NS1.DNSSAHIBI.COM   213.194.99.11
    NS2.DNSSAHIBI.COM   213.194.99.12
posted by tpoh.org at 10:07 PM on January 2, 2002


What's this, then? (From the Tahribat.com site.)
posted by rschram at 11:22 PM on January 2, 2002


What's this, then?

Yup, that's a form to make these mails. I tried it out with two of my hotmail accounts, and it works.
posted by Berend at 4:03 AM on January 3, 2002


Pardon my ignorance but what's to be gained by hacking a hotmail account? Isn't it easy enough for someone to create untraceable accounts on these free email systems?
posted by HTuttle at 6:34 AM on January 3, 2002


You can read someone else's spam instead of your own
posted by Outlawyr at 6:40 AM on January 3, 2002


Well, I can see one big problem. People signing up for Hotmail accounts, and then registering for Amazon, BN, CDNOW, Half, et cetera, using their Hotmail address.

With someone's Hotmail account, an attempt could be made to retrieve a password registered with such a site and then (if the credit card is on file), either purchasing items fraudulently or attempting to retrieve credit card numbers.
posted by tpoh.org at 8:34 AM on January 3, 2002


So with the form previously mentioned, it appears that this is not a bulk-mail scam.

So I wonder why they chose my Hotmail address? The user-ID part of my Hotmail address is part of a domain name that I used to own. That domain name has since been registered to someone else, and a functioning website exists there. Maybe the person thought I was the domain name's current registrant.
posted by tpoh.org at 8:42 AM on January 3, 2002


With someone's Hotmail account, an attempt could be made to retrieve a password registered with such a site and then (if the credit card is on file), either purchasing items fraudulently or attempting to retrieve credit card numbers.

Do these sites still allow free email addresses to be used? Jeez, even many porno sites don't allow that anymore (err...so I've been TOLD!)
posted by HTuttle at 8:55 AM on January 3, 2002


Do these sites still allow free email addresses to be used?

They do if you supply a credit card. I wouldn't worry about it too much, you have to know the password of the ebay or whatever account to change it. Then again a lot of people use the same password for everything. There's also the bonus of reading saved emails which have those passwords in them. None of my web based email accounts have anything interesting saved in them and I use really nifty high-security passwords for anything that involves my CC.
posted by skallas at 9:16 AM on January 3, 2002


What we (err, I) need is a translation of the pages on the Tahribat.com site. What is this guy up to?
posted by rschram at 11:01 AM on January 3, 2002


The arab/engish translator was unhelpful. If you'd like to mess around further, use username/password mefi/mefi.
posted by daver at 11:42 AM on January 3, 2002


Well, I know that tahribat means "to plunder, pillage, devastate."
posted by rschram at 11:57 AM on January 3, 2002


maybe the arab / english translator was unhelpful because it's in turkish.
posted by jnthnjng at 1:05 PM on January 3, 2002


« Older Snow is falling throughout the WRAL-TV viewing...   |   according to andy borowitz, the cia is using Newer »


This thread has been archived and is closed to new comments